[tex-k] secure mode of dvips should be default

Julian Gilbey J.D.Gilbey@qmw.ac.uk
Sat, 2 Jun 2001 23:15:59 +0100

On Sat, Jun 02, 2001 at 11:27:05PM +0100, Sebastian Rahtz wrote:
> I have updated the texk sources in TeXLive so that dvips can be made
> secure against shell escapes by using the "z0" directive in config.ps
> (which is now the default in TeXLive). It can be overridden on the
> command-line with -R1. Confusing letters, but the history of dvips
> does not allow much else to be done.

What would be really nice would be three levels of security:

-R0  no external commands executed

-R1  only trusted commands executed, such as gs (it shouldn't be too
     hard for the wizards to come up with such a list of commonly used
     commands, and they should be called directly, not via a shell, to
     avoid the possibility of shell tricks)

-R2  pass any `command special to a shell to handle

How feasible would this be?



         Julian Gilbey, Dept of Maths, Queen Mary, Univ. of London
       Debian GNU/Linux Developer,  see http://people.debian.org/~jdg
  Donate free food to the world's hungry: see http://www.thehungersite.com/
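
The three levels proposed above, sketched as an added example (not part of the original message and not dvips code). The level numbers follow the post; the allowlist contents, the function names and the choice to refuse shell metacharacters at the middle level are assumptions.

```c
/* Added illustration, not dvips code: three-level policy for `command specials. */
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
enum action { DENY, EXEC_DIRECT, EXEC_SHELL };
static const char *trusted[] = { "gs", NULL };  /* assumed list; the post names only gs */
/* Split cmd in place on blanks: no quoting, globbing or expansion. */
static int split_args(char *cmd, char **argv, int max) {
    int n = 0;
    for (char *t = strtok(cmd, " \t"); t; t = strtok(NULL, " \t")) {
        if (n == max - 1) return 0;      /* too many arguments: caller denies */
        argv[n++] = t;
    }
    argv[n] = NULL;
    return n;
}

/* Decide how a special's command is handled at level 0, 1 or 2. */
enum action decide(int level, char *cmd, char **argv, int max) {
    if (level <= 0) return DENY;
    if (level >= 2) return EXEC_SHELL;
    /* Assumed conservative choice: shell syntax means nothing without a shell, so refuse it. */
    if (strpbrk(cmd, ";|&`$<>(){}\\\"'\n")) return DENY;
    if (split_args(cmd, argv, max) == 0) return DENY;
    for (int i = 0; trusted[i]; i++)
        if (strcmp(argv[0], trusted[i]) == 0) return EXEC_DIRECT;
    return DENY;                         /* also rejects path-qualified names like ./gs */
}

/* Run the command as decided; returns its exit status, or -1 if denied or failed. */
int run_special(int level, char *cmd) {
    char *argv[32];
    enum action a = decide(level, cmd, argv, 32);
    if (a == DENY) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (a == EXEC_SHELL) execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        else execvp(argv[0], argv);      /* direct call; PATH must itself be trusted */
        _exit(127);
    }
    int st;
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}
int main(void) {
    char s[] = "gs -q -dNOPAUSE";        /* constructed sample command */
    char *av[8];
    return decide(1, s, av, 8) == EXEC_DIRECT ? 0 : 1;
}
```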