[Pmwiki-users] LinuxTex Security

Patrick R. Michaud pmichaud
Thu Dec 9 07:04:59 CST 2004


On Thu, Dec 09, 2004 at 01:31:26PM +0100, Nils Knappmeier wrote:
> the comments in the linuxtex-cookbook-recipe say, that it is not very safe.
> To be specific, it is very easy to read any file on the server by just 
> using something like
> 
> {$ 1 $ \input{/etc/passwd} $ 2  $}
> 
> I  don't know how to remove this vulnerablity completely. (Just 
> filtering \input) might not be enough, since it might be hidden in other 
> commands as well.

Yeah, I don't think there's a reliable way to do it through input
filtering.  The better bet would be to see if there's a way to get
TeX to run in a restricted mode.

All of this reminds me that I need to restore the MimeTeX functionality
for version 2, and update it to use the improvements that John Forkosh
has added since the original (some of the improvements are based on
things we did in PmWiki!).  I'll put that on my to-do list.

Pm



More information about the pmwiki-users mailing list