[tex-live] %& first line parsing different jobname
mpg at elzevir.fr
Wed Jun 10 00:23:02 CEST 2009
Robin Fairbairns a écrit :
> since it's a potential security issue[*], it should be protected by a
> control like that on write 18. if it's not, then its existence in
> miktex is surely a bug.
> [*] attacker sends a file which you innocently run through pdflatex, and
> it overwrites some important pdf file of yours.
Hum, \openout and \write already are a security issue wrt this problem, unless
I'm mistaken. (And actually they are dealt with by the configuration parameter
openout_any in web2c)
More information about the tex-live