[tex-k] secure mode of dvips should be default

Sebastian Rahtz sebastian.rahtz@computing-services.oxford.ac.uk
Sun, 3 Jun 2001 13:19:54 +0100


Reinhard Kotucha writes:
 > Probably it would be best if this could be configured in texmf.cnf
 > rather than in all the config.<device> files.  There are two variables
 > concerning security.  AFAIK, they are used by TeX only.
 > 
 > It might be more difficult to implement, but I think that such a
 > variable could be used by xdvi as well.

if we are going to redo the whole system of configuration files in
the whole TeX world, lets make it all XML while we are about it....

 > Sebastian, it would be worth some thoughts whether the change you have
 > made should really go into TeXLive6.  TeXLive is a CDROM distribution
 > and is used by many people who do not have internet access.  They
 > cannot simply ask someone if something doesn't work as usual.  They
 > expect that things work as described in i.e. The LaTeX Graphics
 > Companion, which says that dvips can process gzipped eps files.

hmm. perhaps you are right. But my inclination is always with TeXLive to
go down the "Debian" route of ultra orthodoxy. What do others think?
People should be pushed to use the built-in decompression (though it
isnt perfect).

anyway, I have removed the `gunzip from dvips.def, so unless people
make up their own extras, they will not realize that anything has changed.
as of now, including a .ps.gz  file works as expected, without the
general security hole

 > In my opinion, it's better to implement the idea of trusted commands
 > first. 
in effect, thats what we have working. certain extensions trigger
certain decompression programs, for good or bad. 

 > We haved lived whith this security hole for years, it would
 > certainly be ok if TeXLive7 comes up with a better scheme.
if TeXLive 7 ever exists...

is anyone going to distribute TeXLive again in large quantities?
Unless they do, its all fairly immaterial!

 > Furthermore, I think that it doesn't make any sense to change the
 > default behaviour at all.  If I get a dvi file that contains shell
 > escapes, what should I do?  The dvi format is not human readable,
 > should I throw it away or should I run dvips in insecure mode?
you should convert it to readable form and edit the unsafe commands,
if you are worried (dv2dt, dt2dv)

 > The author of the file probably did nothing that isn't documented.
 > Does the error message I get show me the content of the \special?
yes, it does

sebastian