[tex-k] secure mode of dvips should be default
Atsuhito Kohda
kohda@pm.tokushima-u.ac.jp
Fri, 01 Jun 2001 15:53:16 +0900
Dear upstream author(s) of dvips.
I do not know who is currently responsible for dvips so I send
this mail to both of you. Very sorry if there is any inconvenience.
I am a member of maintainance team of Debian's teTeX
and we got the following report from a user.
We think this should be fixed in upstream because this is
security issue and a fix for Debian local is not sufficient.
I wish you will fix it.
Best regards, 2001.6.1
--
Debian Developer & Debian JP Developer - much more I18N of Debian
Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
Department of Math., Tokushima Univ.
================= Bug report
To: submit@bugs.debian.org
Subject: "secure" mode in dvips should be the default
From: eichin@thok.org (Mark W. Eichin)
Date: 29 Nov 1999 22:07:33 -0500
Message-ID: <xe1wvr0smmi.fsf@paycheck.thok.org>
Lines: 11
X-Mailer: Gnus v5.5/Emacs 20.3
Package: tetex-bin
Version: 1.0.6-1
The dvips "-R" option tells it to run "securely", ie. to *not* allow
execution of backtick-escapes in \special, among other things. This
should really be the default (although that would be a local change, I
have seen it made at other sites before.)
I haven't tested to see if it *is* already the default - if it is,
then the info file and man page need to be updated to say so, they
both indicate that insecure-mode is default.