Security in xdvik, was: Re: [tex-k] secure mode of dvips should be default

Stefan Ulrich ulrich@cis.uni-muenchen.de
Sat, 2 Jun 2001 19:34:01 +0200


Sebastian Rahtz <sebastian.rahtz@computing-services.oxford.ac.uk> writes:

> I just need to compile it all and test... (I am doing this because I
> am also integrating the latest T1-aware xdvik into TeXLive. Does the
> same problem occur in xdvi?)

You mean, with shell escapes being enabled by default?
This is not the case with xdvi(k); they are disabled by
default (`-allowshell' enables them). I've just checked it:
the description in the man page reflects the actual
implementation ;-)

The source special feature has no known security issues
either (no shell commands are used to invoke the editor,
but explicit forks).

Best regards
-- 
Stefan Ulrich