[tex-k] secure mode of dvips should be default
Sun, 3 Jun 2001 13:05:02 +0200
Thomas Esser <firstname.lastname@example.org> writes:
> Even better would be to use libgz / libbz2 for decompression. No fork,
> no security problem.
Good idea; we could have an autoconf check whether libgz is
installed, and fallback to calling the gunzip/... executables
instead. I've submitted this as a feature request for xdvik to
As for the suggestion for 3 security levels: I think that
handling .gz files automagically probably makes level 2 (allow
only execution of `specific' shell commands) unneeded.
But then we'd also need to update some documentation: Currenlty
epslatex.ps and grfguide.ps list uncompression via shell escapes
as (the only) example for using \DeclareGraphicsRule ...