[pmwiki-users] MimeTex
Patrick R. Michaud
pmichaud at pobox.com
Wed Sep 6 08:37:38 CDT 2006
On Wed, Sep 06, 2006 at 03:18:59PM +0200, christian.ridderstrom at gmail.com wrote:
> On Wed, 6 Sep 2006, Patrick R. Michaud wrote:
>
> > MimeTeX should be fairly safe -- it's designed for the web, and the
> > "dangerous" LaTeX commands (such as \input{ }) are sandboxed and/or
> > filtered in MimeTeX.
>
> Hmm... are you sure about that? I thought I managed to get /etc/passwd to
> be shown using MimeTeX. That was a while back, so maybe it has been fixed
> now.
It was fixed some time ago -- I believe right about the same time
you managed to get /etc/passwd to be shown using MimeTeX. :-)
In Feb/Mar 2005 there was a bug in MimeTeX that caused the
PATHPREFIX sandbox to not sandbox properly, but that was quickly
closed when I pointed it out to John Forkosh. So, since then
things have been pretty safe.
Pm
More information about the pmwiki-users
mailing list