[tex-live] Re: paranoid file handling

Olaf Weber olaf at infovore.xs4all.nl
Fri Nov 5 21:20:40 CET 2004

Olaf Weber writes:

>> The message is kind of wrong, since it should be "Not reading from".

> Hm.  Need to check that.

Looks fixable, but isn't going to be fixed in this round.

>> I wonder why this file is not read since it's not something

>> .
>> ./
>> ../
>> whatever/../../../

>> or: shouldn't period prevention be limited to the occurrence of . and
>> .. path segments only? Nowadays paths with periods in them are rather
>> common.

> The period is not the reason: you've specified an absolute path for
> which TEXINPUTS doesn't contain a "root".

Sorry, did this off the top of my head: the real reason is that this
is an absolute path not rooted in $TEXMFOUTPUT.  From the manual:

  TeX can write output files, via the `\openout' primitive; this opens
a security hole vulnerable to Trojan horse attack: an unwitting user
could run a TeX program that overwrites, say, `~/.rhosts'.  (MetaPost
has a `write' primitive with similar implications).  To alleviate this,
there is a configuration variable `openout_any', which selects one of
three levels of security.  When it is set to `a' (for "any"), no
restrictions are imposed.  When it is set to `r' (for "restricted"),
filenames beginning with `.' are disallowed (except `.tex' because
LaTeX needs it).  When it is set to `p' (for "paranoid") additional
restrictions are imposed: an absolute filename must refer to a file in
(a subdirectory) of `TEXMFOUTPUT', and any attempt to go up a directory
level is forbidden (that is, paths may not contain a `..'  component).
The paranoid setting is the default.  (For backwards compatibility, `y'
and `1' are synonyms of `a', while `n' and `0' are synonyms for `r'.)

Olaf Weber

               (This space left blank for technical reasons.)
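
Added example (not part of the original message, and not Kpathsea's own code): a lexical model of the three `openout_any` levels as the manual excerpt above words them, showing that a period inside a path is harmless while an absolute path outside `TEXMFOUTPUT` is refused. The function name, the sample paths and the choice to apply the dotfile test to the final path component are assumptions; symlinks are not resolved.

```python
import posixpath

# Synonyms from the manual excerpt: y/1 mean "any", n/0 mean "restricted".
LEVELS = {"a": "a", "y": "a", "1": "a",
          "r": "r", "n": "r", "0": "r",
          "p": "p"}


def openout_allowed(path, openout_any="p", texmfoutput=None):
    """Return (allowed, reason) for a write to `path` at the given level."""
    level = LEVELS[openout_any]
    if level == "a":
        return True, "any: no restrictions"

    # Restricted: dotfiles are refused, '.tex' being the one exception.
    # Assumption: the test is applied to the final path component.
    base = posixpath.basename(path)
    if base.startswith(".") and base != ".tex":
        return False, "filename begins with '.'"
    if level == "r":
        return True, "restricted: not a dotfile"

    # Paranoid: no '..' component anywhere in the path.
    if ".." in path.split("/"):
        return False, "path contains a '..' component"

    # Paranoid: an absolute path must lie under TEXMFOUTPUT. Comparing
    # against root + "/" keeps /tmp/output from matching /tmp/out.
    if posixpath.isabs(path):
        if not texmfoutput:
            return False, "absolute path and TEXMFOUTPUT is unset"
        root = texmfoutput.rstrip("/") + "/"
        if not path.startswith(root):
            return False, "absolute path not rooted in TEXMFOUTPUT"
    return True, "paranoid: relative, or inside TEXMFOUTPUT"


if __name__ == "__main__":
    # Constructed sample paths, checked at the default (paranoid) level.
    for p in ["project.v2/job.aux", "/home/u/project.v2/job.aux",
              "/tmp/out/sub/job.aux", "/tmp/output/job.aux",
              "whatever/../../../x", ".rhosts", ".tex"]:
        ok, why = openout_allowed(p, "p", texmfoutput="/tmp/out")
        print(f"{p:30} {'allow' if ok else 'deny':6} {why}")
```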
