[texhax] Pointer to TeX Sandbox Howto needed

Klaus Grue grue at diku.dk
Tue Mar 24 10:56:52 CET 2009


Hi Torsten,

> as far as I can see schroot should be perfect for you. It allows to setup a
> chroot and give limited user access to it. Thus, a user can use "schroot
> latex" to compile a latex file.

Thanks for the pointer. schroot definitely looks promissing.

> However, I do not know what is the nature of your user access. There are
> physical available in front of your machine ? Or will they log in by ssh?

I have two security problems.

One is to give access to LaTeX through a web formula to untrusted users. I 
do that at http://logiweb.eu/logiweb/tutorial/submit.html. But in that 
case I can use chroot.

The other problem is that end users of my "Logiweb" application may not 
have root privileges and need a clean jail containing LaTeX when they need 
to cache a "Logiweb page" locally (a "Logiweb page" is a mixture of LaTeX 
and computer code in the tradition of literate programming, and "Logiweb" 
is something like a web2c which uses the Internet as repository). In this 
case schroot looks *perfect*.

For the end user problem above I need a small LaTeX installation so that I 
can make a fresh jail for each run af LaTeX. If I just put all TeX related 
files on a standard Ubuntu install in a chroot jail then the jail ends up 
being 72Mb. I will benchmark schroot to see if that is small enough, but 
if you happen to know smaller TeX installations, I would be very 
interested. Alternatively, one may of course clean and reuse jails, but 
such an approach has its own problems.

> ... you might like to use one of the virtual machines
> ... Some, which I used already ordered from simple (to) complex
> schroot aka chroot ...
> VServer ...
> VirtualBox ...
> Xen ...
>
> There a many many more
> http://en.wikipedia.org/wiki/Comparison_of_platform_virtual_machines
> might be a good overview to start with.
>
> In addition the usage of lvm is imho very helpful...
> ...
> Hope that helps a bit

Certainly, thanks a lot for the pointers.

Cheers,
Klaus


More information about the texhax mailing list