[tex-k] secure mode of dvips should be default
Sun, 3 Jun 2001 10:12:20 +0200 (MET DST)
> Xdvi implements such a trusted list, sort of. If xdvi encounters a
> PostScript file whose name ends in .Z or .gz or .bz2, and if the first
> 2-3 bytes of the file are the correct magic bytes for the file type,
> then xdvi will automatically pass the file through uncompress or gunzip
> or bunzip2 before processing it. IMHO, dvips should do the same
> (and TeX, likewise, when getting bounding box information).
> Comments, anyone?
Even better would be to use libgz / libbz2 for decompression. No fork,
no security problem.