[tex-live] Security issues for restricted shell escape

Karl Berry karl at freefriends.org
Sat Jul 18 01:58:32 CEST 2009


    * etex, latex, luatex, lualatex, pdflatex, pdfluatex, tex
    * texexec (at least option `--paranoid' should be mandatory)
    * texmfstart

Perhaps the tex programs shouldn't be in the list.  I'm not sure there's
any great need for them.

    Therefore the recommendation should be also installing `rpdfcrop' and
    using `rpdfcrop' instead of `pdfcrop' in the command list.

Ok, good.

      bibtex,...,pdfcrop=>rpdfcrop,...

I don't want to introduce this complication now.

    PS: BTW ulqda is broken:
    | Can't locate Digest/SHA1.pm in @INC ...
    SHA1.pm is missing in tlpkg/tlperl/lib/Digest/

I guess I'll just remove ulqda.
It wouldn't surprise me if other Perl scripts had other dependencies
which we do not satisfy.


More information about the tex-live mailing list