[tex-live] %& first line parsing different jobname

Manuel Pégourié-Gonnard mpg at elzevir.fr
Wed Jun 10 00:23:02 CEST 2009

Robin Fairbairns a écrit :
> since it's a potential security issue[*], it should be protected by a
> control like that on write 18.  if it's not, then its existence in
> miktex is surely a bug.
> [*] attacker sends a file which you innocently run through pdflatex, and
> it overwrites some important pdf file of yours.

Hum, \openout and \write already are a security issue wrt this problem, unless
I'm mistaken. (And actually they are dealt with by the configuration parameter
openout_any in web2c)


More information about the tex-live mailing list