[tex-live] Status of restricted \write18 and epstopdf conversion

Tue Oct 20 01:04:33 CEST 2009

2009/10/19 Alexander Cherepanov <cherepan at mccme.ru>:
> On Tue, 20 Oct 2009 01:47:58 +0900, "Akira Kakuto" <kakuto at fuk.kindai.ac.jp> wrote:
> BTW why wrappers around .bat files are needed in texlive?

It is actually the other way around, we have some .bat wrappers around
texlua scripts but not for (r)epstopdf (see my other message).

2009/10/19 Alexander Cherepanov <cherepan at mccme.ru>:
> AIUI \write18 doesn't start a shell but calls repstopdf which in turn
> runs "perl epstopdf.pl" through a number of wrappers. And one of these
> wrappers indeed runs next command with all arguments in a shell. At
> this point a pipe symbol from arguments seems to touch a shell.

That is true and the problem is .bat wrappers that we use. Wherever a
.bat wrapper is used it has to be executed through cmd.exe and then we
have a problem if the argument list contains special characters
interpreted by the shell like the command separator.

I don't see any other solution than to get rid of the .bat wrappers in
favour of .exe stubs, at least in the security sensitive contexts.
This will not happen before the release, unfortunately. It will take
some time get those security issues sorted.

Cheers,

Tomek