[tex-live] biber in texmf.cnf

Karl Berry karl at freefriends.org
Fri Sep 23 23:49:32 CEST 2011


    Oh, sorry, my question was unclear. I meant the section about shell-escape:
    So, it is allowed to start bibtex without --shell-escape, but not biber. 

It is not an oversight.  We expended a lot of time and effort on
auditing (and fixing) each program listed in shell_escape_commands.  The
goal is to ensure, as best we could, that it is not possible for an
arbitrary shell command to be run, or arbitrary file to be written, in
the face of malicious input, weird cmdline args, etc.

No such auditing has even been attempted for biber.  Just for a start, I
would think that it would need to have taint mode enabled, and force
loading its Perl::modules only from system directories.

Presumably in theory, with enough work, it would be possible to
construct a "restricted" biber (as we did for epstopdf) that could be
included.  That would be something to take up with Phil Kime.
(Personally, I don't think risk/benefit is anywhere near good enough to
bother with it.)

karl


More information about the tex-live mailing list