[tex-live] PStricks is broken with XeTeX with latest TeXLive update

Ulrike Fischer news3 at nililand.de
Thu Apr 28 16:48:29 CEST 2011

Am Thu, 28 Apr 2011 16:24:13 +0200 schrieb Zdenek Wagner:

>> I did not say that with a tiny bit of intention to be rude and if you felt
>> any rudeness from my side, then I apologize. What I really meant was that it
>> was working fine before but now it does not so perhaps something has
>> changed.

> The problem is that in principle GS can read and write files. It is
> therefore possible to create a malicious EPS file that will damage the
> contents of your disk. Option -dSAFER disables I/O. If you remove this
> option as default, you open a potentian security hole. Users should
> know what they are doing before such a change an they should know
> whether the files are safe enough..

But what is the sense to put a non-working command in dvipdfmx.cfg?
If safety is the issue then it would seem more sensible to enter the
correct entry but to comment it and to ask the user to uncomment it
if they want (x)dvipdfmx to allow to call gs. 

Also obviously previous ghostscript versions don't use the safer
setting, so if more security is wanted texlive should perhaps add
-dSAFER as default so that it breaks at least for everyone ;-) 

BTW: I can reproduce the problem with the miktex if I add to the
line for mgs (the miktex ghostscript) -dSAFER, so its default is

Ulrike Fischer 

More information about the tex-live mailing list