[tex-k] secure mode of dvips should be default

Robin Fairbairns Robin.Fairbairns@cl.cam.ac.uk
Sat, 02 Jun 2001 11:54:33 +0100

> Thanks for the email on dvips security!
> Can you explain why secure mode should be on by default?
> In other words, how might I run TeX and/or dvips over
> untrusted code?  Provide me with a convincing attack
> scenario.  A time bomb in some macro source somewhere that
> gets included into a distribution?

command-line interaction is (imo very sensibly) turned off by default
in the tex-k distributions.  people _do_ distribute tex files for
people to execute (rather than distributing the ps or pdf), so there's
a potential attack from that facility.

but that same attack could in principle propagate to dvips -- someone
only has to include a special saying `rm -rf ~/* and ... pow!

i agree that off-by-default is what should appear in the