[texworks] HELP: Integrated Tw LaTeX2e Help dialogue
Reinhard Kotucha
reinhard.kotucha at web.de
Thu Jul 1 02:39:39 CEST 2010
On 1 July 2010 Paul A Norman wrote:
> Now the issue is: should Tw scripting genreally have various forms of
> file access or not.
>
> If it is not consdidered safe, then logically we must disable it for
> the Lua and Python and any other future scripting modules as well.
If such a script is able to create/overwrite a file called ~/.rhosts
I'm quite concerned. The world is not as friendly as had been
20~years ago.
It would be nice if the level of paranoia can be defined in texmf.cnf .
Example:
> % Allow TeX \openin, \openout, or \input on filenames starting with `.'
> % (e.g., .rhosts) or outside the current tree (e.g., /etc/passwd)?
> % a (any) : any file can be opened.
> % r (restricted) : disallow opening "dotfiles".
> % p (paranoid) : as `r' and disallow going to parent directories, and
> % restrict absolute paths to be under $TEXMFOUTPUT.
> openout_any = p
> openin_any = a
Regards,
Reinhard
--
----------------------------------------------------------------------------
Reinhard Kotucha Phone: +49-511-3373112
Marschnerstr. 25
D-30167 Hannover mailto:reinhard.kotucha at web.de
----------------------------------------------------------------------------
Microsoft isn't the answer. Microsoft is the question, and the answer is NO.
----------------------------------------------------------------------------
More information about the texworks
mailing list