[tex-live] Re: Bug#316154: texmf.cfg: Close possible security problem

Hilmar Preusse hille42 at web.de
Sat Aug 20 09:49:32 CEST 2005


On 29.06.05 Hans Hagen (pragma at wxs.nl) wrote:
> Frank Küster wrote:

Dear Thomas, dear TeXLive people,

> >in Debian bug report we have been asked to change the setting of
> >openin_any in texmf.cnf:
> >
> >Joachim Breitner <nomeata at debian.org> wrote:
> >
> >
> >>the shipped /etc/texmf/texmf.cfg has the following lines:
> >>
> >>openout_any = p
> >>openin_any = a
> >>
We've discussed with the submitter. We've got to the conclusion, that
changing the settings is not really necessary by default. He instead
suggested to leave a note above the line documenting that it *might*
be dangerous and how to change it, for example:

% The default settings are not secure when you process LaTeX files of
% possibly doubtful origin. In this case, set openin_any = p.

I've no clue if that will really help many people, however you could
consider to modify the texmf.cnf in that way.

Regards,
  Hilmar
-- 
sigmentation fault



More information about the tex-live mailing list