[Pmwiki-users] Re: LinuxTex Security

[chr@home.se]

On Thu, 9 Dec 2004, Patrick R. Michaud wrote:

> On Thu, Dec 09, 2004 at 01:31:26PM +0100, Nils Knappmeier wrote:
> > the comments in the linuxtex-cookbook-recipe say, that it is not very safe.
> > To be specific, it is very easy to read any file on the server by just 
> > using something like
> > 
> > {$ 1 $ \input{/etc/passwd} $ 2  $}

> Yeah, I don't think there's a reliable way to do it through input
> filtering.  The better bet would be to see if there's a way to get
> TeX to run in a restricted mode.

Oops... that works in PmWiki as well - I just tested it.

> All of this reminds me that I need to restore the MimeTeX functionality
> for version 2, and update it to use the improvements that John Forkosh
> has added since the original (some of the improvements are based on
> things we did in PmWiki!).  I'll put that on my to-do list.

/Christian

-- 
Christian Ridderstr?m, +46-8-768 39 44               http://www.md.kth.se/~chr