On Wed, Mar 24, 2010 at 10:43 AM, Conrad Irwin conrad.irwin@googlemail.com wrote:
Yes, \openout, \write, \closeout, \openin, \read, \closein. The infamous one is \write18, 18 is a special file descriptor that just executes shell commands, you can also use \openin={|<shell command>}.
People have noticed this problem, so some distributions disable \write18 (and opening with |), and also configure it such that files can only be read and written within the current directory or subdirectories. This is, to my knowledge, not by-passable.
As long as the worst that could happen on a large majority of installations is DoS, I don't think we should be afraid to rewrite the code just because *maybe* it would be less secure. We should obviously check over the new code carefully, but I wouldn't say it's any more security-critical than random pieces of MediaWiki -- which are typically vulnerable to XSS if someone forgets to escape something.