[tex-live] Status of restricted \write18 and epstopdf conversion
P.Taylor at Rhul.Ac.Uk
Tue Oct 27 11:03:51 CET 2009
Manuel Pégourié-Gonnard wrote:
> I'm sorry but I disagree. Comparing tex with sh is completely
> inappropriate. TeX is supposed to be a document processor, and its
> documentation strongly suggest it can *not* be used to execute arbitrary
> commands. (That's the whole point of \write18 being disable by default
> for all these years and our efforts for developing a restricted version
> this year, and you know that.
I support Manual's point of view, and -- to my mind -- there
would be considerable benefit in actually calling the "sh"
variant of TeX something other than TeX. TeX should never
(IMHO) communicate with the O/S through the medium of \write
18; if communication with the O/S through \write 18 is
required, then a separate program should be invoked, which
we might call (for example) uberTeX. No users would ever
then inadvertently process a Trojan-laden document, since
the use of uberTeX would have to be a conscious decision
by that user.
More information about the tex-live