[tex-live] Status of restricted \write18 and epstopdf conversion

Philip TAYLOR P.Taylor at Rhul.Ac.Uk
Tue Oct 27 12:14:23 CET 2009

Manuel Pégourié-Gonnard wrote:

> No, it is not the case, and it never was the plan. The plan was that the
> default enabled a *restricted* version of shell-escape, able to run only
> a few carefully checked commands, in order to avoid tex begin equivalent
> to 'tex -shell-escape'. We finally withdrawn that for TL09 since some
> problems were found.

> Restricted shell-escape is not at all the same as the current
> -shell-escape feature. I we think a bit about it, *tex is already
> capable of running a few external commands (the mktex* scripts for all
> of them, dvipdfmx for XeTeX). The point is to be able to control
> precisely which commands can be run from a tex document.

OK, I don't want to pursue this one excessively (mainly because,
it being a glorious autumn day, I am keen to get out cycling),
but isn't it /possible/ that through a clever combination of
dirty tricks, a Trojan could fake one of the very commands
that the restricted version of shell-escape is willing
to execute, thereby once again compromising the whole system ?

For myself, I strongly believe that /no/ version of shell-escape
should be installable as a default; if a user wants shell-escape,
then let him/her type it explicitly.

** Phil.

More information about the tex-live mailing list