On Wed, Mar 24, 2010 at 10:43 AM, Conrad Irwin
<conrad.irwin(a)googlemail.com> wrote:
Yes, \openout, \write, \closeout, \openin, \read,
\closein. The infamous
one is \write18, 18 is a special file descriptor that just executes
shell commands, you can also use \openin={|<shell command>}.
People have noticed this problem, so some distributions disable \write18
(and opening with |), and also configure it such that files can only be
read and written within the current directory or subdirectories. This
is, to my knowledge, not by-passable.
As long as the worst that could happen on a large majority of
installations is DoS, I don't think we should be afraid to rewrite the
code just because *maybe* it would be less secure. We should
obviously check over the new code carefully, but I wouldn't say it's
any more security-critical than random pieces of MediaWiki -- which
are typically vulnerable to XSS if someone forgets to escape
something.