[tex-k] secure mode of dvips should be default

Atsuhito Kohda kohda@pm.tokushima-u.ac.jp
Fri, 01 Jun 2001 15:53:16 +0900

Dear upstream author(s) of dvips.

I do not know who is currently responsible for dvips so I send 
this mail to both of you.  Very sorry if there is any inconvenience.

I am a member of maintainance team of Debian's teTeX
and we got the following report from a user.

We think this should be fixed in upstream because this is
security issue and a fix for Debian local is not sufficient.

I wish you will fix it.

Best regards,			2001.6.1

 Atsuhito Kohda
 Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
 Department of Math., Tokushima Univ.

================= Bug report
To: submit@bugs.debian.org
Subject: "secure" mode in dvips should be the default
From: eichin@thok.org (Mark W. Eichin)
Date: 29 Nov 1999 22:07:33 -0500
Message-ID: <xe1wvr0smmi.fsf@paycheck.thok.org>
Package: tetex-bin
Version: 1.0.6-1

The dvips "-R" option tells it to run "securely", ie. to *not* allow
execution of backtick-escapes in \special, among other things.  This
should really be the default (although that would be a local change, I
have seen it made at other sites before.)

I haven't tested to see if it *is* already the default - if it is,
then the info file and man page need to be updated to say so, they
both indicate that insecure-mode is default.