[tex-live] ConTeXt in TL on Windows broken
T T
t34www at googlemail.com
Tue Jun 1 18:31:45 CEST 2010
On 1 June 2010 17:12, Taco Hoekwater <taco at elvenkind.com> wrote:
> T T wrote:
>>
>>> Is Context /really/ that bad/dangerous ?!
>>
>> If an attacker would place a rogue texlua.exe in the current directory
>> (not that hard on windows), then you get arbitrary code execution if
>> you pick up executables from there. Is that bad enough?
>
> But wouldn't they have to place 'our' mtxrun.dll in the current
> directory as well then? Doesn't sound very likely to me.
No, if we would follow the default behaviour on Windows and search the
current dir for binaries. (which we don't do precisely because bad
things can happen, so it is a security measure as mentioned somewhere
at the beginning of this thread).
Cheers,
Tomek
More information about the tex-live
mailing list