[tex-live] Status of restricted \write18 and epstopdf conversion
Manuel Pégourié-Gonnard
mpg at elzevir.fr
Tue Oct 27 10:48:25 CET 2009
Victor Ivrii a écrit :
> Sure, all dangers of \write18 not only existed for years but many
> people were aware of them.
Please, can we try not to mix up everything? We are not discussing only
the dangers of \write18. The last example was about TeX's \openout
feature. Most of the previous discussion was about the new "restricted"
\write18 feature, whose dangers cannot be known for years, since it is
so new (and now withdrawn).
There is security implications with tex, and some of them are not
obvious and should be considered seriously. We should discuss and try to
solve the non-obvious things, and stating that some other obvious facts
have been known for years doesn't help.
> However the low grade morons who would like
> to exploit these dangers were not among those who knew. But this
> discussion of dangers may reach them (so ostrich policy is not as
> stupid as some may think). Anyway a little diligence for alien TeX
> sources (\write18 or playing with kitty-codes :-) to mask write18
> would require a bit more caution) and we are safe!
>
I don't want to start a lengthy discussion about security principles,
here is not the place, and all the points I would make can already be
found in many places on the net. Just let me say that I strongly
disagree with the "security" conceptions above.
Manuel.
More information about the tex-live
mailing list