[texworks] HELP: Integrated Tw LaTeX2e Help dialogue

Reinhard Kotucha reinhard.kotucha at web.de
Thu Jul 1 02:39:39 CEST 2010


On 1 July 2010 Paul A Norman wrote:

 > Now the issue is:  should Tw scripting genreally have various forms of
 > file access or not.
 > 
 > If it is not consdidered safe, then logically we must disable it for
 > the Lua and Python and any other future scripting modules as well.

If such a script is able to create/overwrite a file called ~/.rhosts
I'm quite concerned.  The world is not as friendly as had been
20~years ago.

It would be nice if the level of paranoia can be defined in texmf.cnf .

Example:

 > % Allow TeX \openin, \openout, or \input on filenames starting with `.'
 > % (e.g., .rhosts) or outside the current tree (e.g., /etc/passwd)?
 > % a (any)        : any file can be opened.
 > % r (restricted) : disallow opening "dotfiles".
 > % p (paranoid)   : as `r' and disallow going to parent directories, and
 > %                  restrict absolute paths to be under $TEXMFOUTPUT.
 > openout_any = p
 > openin_any = a

Regards,
  Reinhard

-- 
----------------------------------------------------------------------------
Reinhard Kotucha			              Phone: +49-511-3373112
Marschnerstr. 25
D-30167 Hannover	                      mailto:reinhard.kotucha at web.de
----------------------------------------------------------------------------
Microsoft isn't the answer. Microsoft is the question, and the answer is NO.
----------------------------------------------------------------------------


More information about the texworks mailing list