On 03/24/2010 02:00 PM, Aryeh Gregor wrote:
On Tue, Mar 23, 2010 at 6:28 PM, Conrad Irwin
<conrad.irwin(a)googlemail.com> wrote:
Many LaTeX installations can be made
read/write/execute anything by
default.
What does that mean? LaTeX can invoke external programs? Using what
commands? Is this functionality actually enabled in practice in stock
LaTeX installs?
Yes, \openout, \write, \closeout, \openin, \read, \closein. The infamous
one is \write18, 18 is a special file descriptor that just executes
shell commands, you can also use \openin={|<shell command>}.
People have noticed this problem, so some distributions disable \write18
(and opening with |), and also configure it such that files can only be
read and written within the current directory or subdirectories. This
is, to my knowledge, not by-passable.
There's also a (more recent) mode called "restricted write18", used by
more user-friendly distributions, this allows some commands (such as
bibtex or tex) to be used with write18 and |. Sadly, as arguments passed
to the commands are not validated (though they are shell escaped), it is
possible to break out of the sandbox.
Even if it were not possible to break out of restricted write18, there
will exist installations with write18 enabled, and I can't imagine
people remembering to check. Depending on the flavour of LaTeX in use it
is often possible to pass -no-shell-escape or --disable-write18 on the
command line, we should probably do that, unless unknown flags cause
errors, I'm not sure.
Conrad