[pmwiki-users] MimeTex

Patrick R. Michaud pmichaud at pobox.com
Wed Sep 6 08:37:38 CDT 2006


On Wed, Sep 06, 2006 at 03:18:59PM +0200, christian.ridderstrom at gmail.com wrote:
> On Wed, 6 Sep 2006, Patrick R. Michaud wrote:
> 
> > MimeTeX should be fairly safe -- it's designed for the web, and the 
> > "dangerous" LaTeX commands (such as \input{ }) are sandboxed and/or 
> > filtered in MimeTeX.
> 
> Hmm... are you sure about that? I thought I managed to get /etc/passwd to 
> be shown using MimeTeX. That was a while back, so maybe it has been fixed 
> now.

It was fixed some time ago -- I believe right about the same time
you managed to get /etc/passwd to be shown using MimeTeX.  :-)

In Feb/Mar 2005 there was a bug in MimeTeX that caused the
PATHPREFIX sandbox to not sandbox properly, but that was quickly
closed when I pointed it out to John Forkosh.  So, since then
things have been pretty safe.  

Pm




More information about the pmwiki-users mailing list