[tex-live] Status of restricted \write18 and epstopdf conversion
Manuel Pégourié-Gonnard
mpg at elzevir.fr
Thu Oct 15 23:55:16 CEST 2009
Hi all,
As some of you already noticed, and Norbert explained in reply, two days
ago we temporarily removed nearly all programs, including epstopdf, from
the list of allowed programs in restricted \write18, since the don't
impose enough restrictions (if any) on the output file name, hence
making openout_any=p ineffective.
In the meanwhile, we prepared and tested internally a newer, restricted
version of esptopdf, called repstopdf, and added it again to the list of
allowed program. We also made a trivial change to the epstopdf package
so that it now calls repstopdf. It means automagic esptopdf conversion
is back again, and hopefully this time without security issues.
The only programs currently allowed are kpsewhich and fc-match, which
are obviously safe, and repstopdf, which has been specially crafted for
this purpose: all options are checked to avoid injection, so the only
external program called is ghostscript with -dSAFER, and the output file
name is subject to conditions more restrictive than openout_any=p (it
was easier than to implement a true support of this variable). For more
details, please look in texmf.cnf and epstopdf.pl itself.
This is most probably the definitive list of programs for this release.
Later, we wish to include more programs, but will check the security
aspect of each individual program before (implementing restricted
version, possibly as wrappers, when necessary). Our primary goal was to
have the eps inclusion work, and it does.
Tlnet and the images have been rebuilt today to include these changes.
The newer version, dated from today, should soon be at your usual mirror.
Testing is even more welcome than ever.
Manuel.
More information about the tex-live
mailing list