[tex-k] secure mode of dvips should be default
Mon, 04 Jun 2001 10:43:07 +0200
Sebastian Rahtz <firstname.lastname@example.org> tastet:
> email@example.com writes:
> > would work. It would very much fit the old Unix philosophy of small
> > tools working together.
> It was/is a good philosophy, but it assumed that people were nice. As
> with so many other things, the minority of nasty people in the world
> spoil it for everyone else.
No it didn't. C assumes that people are nice, and programmers omni-
scient. The demans on our alertness with regard to what data we pass
around to libraries is no less when we use a library than an external
executable. Has the library been audited, was it written assuming
that the caller does all the needed sanity checks? What _are_ the
To be sure the system and popen calls have a notorious history, but it
_is_ well known what we have to do to not make them holey. The R modes
just discussed along with giving dvips/xdvi etc. extendable knowledge
about file-formats should be quite good enough.