[tex-live] ConTeXt in TL on Windows broken
Reinhard Kotucha
reinhard.kotucha at web.de
Tue Jun 1 20:52:11 CEST 2010
On 1 June 2010 Taco Hoekwater wrote:
> T T wrote:
> >
> >> Is Context /really/ that bad/dangerous ?!
> >
> > If an attacker would place a rogue texlua.exe in the current directory
> > (not that hard on windows), then you get arbitrary code execution if
> > you pick up executables from there. Is that bad enough?
>
> But wouldn't they have to place 'our' mtxrun.dll in the current
> directory as well then? Doesn't sound very likely to me.
No, I assume that a "texlua.exe" prepared by an attacker only needs
msvcrt.dll. The latter provides everything needed in order to give
you more free disk space.
But I think this is not Context related. It's a Windows problem which
cannot be solved. If someone places a rogue texlua.exe in your
current working directory, you are lost. ... Or at least your files.
Regards,
Reinhard
--
----------------------------------------------------------------------------
Reinhard Kotucha Phone: +49-511-3373112
Marschnerstr. 25
D-30167 Hannover mailto:reinhard.kotucha at web.de
----------------------------------------------------------------------------
Microsoft isn't the answer. Microsoft is the question, and the answer is NO.
----------------------------------------------------------------------------
More information about the tex-live
mailing list