Bug#316154: [tex-live] Re: Bug#316154: texmf.cfg: Close possible security problem

Hilmar Preusse hille42 at web.de
Sat Aug 27 12:57:19 CEST 2005

On 21.08.05 Karl Berry (karl at freefriends.org) wrote:

Hi Karl,

>     % The default settings are not secure when you process LaTeX files of
>     % possibly doubtful origin. In this case, set openin_any = p.
> I'm not too excited about putting such a vague and alarmist message
> into texmf.cnf.  I have no objection to putting in something more
> specific,
I'll think about that and try to rephrase that.

> What's the scenario where this is a problem again? If we're talking
> about some hypothetical web interface which allows generic
> uploading/running tex/displaying back, that's not a good idea for
> lots of other reasons, too.
Well, the submitter spoke about some mal code sent to somebody, who
calls it and the LaTeX file does something really bad. I don't know
how realistic that scenario is. Well, normally I don't read very long
documnents before processing them....

> >  I've no clue if that will really help many people, 
> I agree with you that 99% of users (at least) will never see a note in
> texmf.cnf, but we could write a couple of sentences in the
> documentation, if we can come up with something useful to say (even if
> just to point to when this question arises in the future).
Agreed. Where can I find the docs for texmf.cnf?

sigmentation fault

More information about the tex-live mailing list