That was in particular what I wanted you to take a look at, Tomasz. The templates exposed by the classes are limited; shell access is disabled (LaTeX); Python is running in safe (Lilypond); but I'm going to have to deal with \include elements, etc. ad hoc. And ad hoc runs contrary to texvc's methodology. I'd be especially interested if we could crack it in its present form, however; or prove some crack concepts. Best, Peter

Peter, really impressed by your LaTeX features. I am (unfortunately) still user of LaTex and dont actually know how to implement macros. Therefore I just want to inform you about a macro for chemical structure formulas which can be found (inside the famous article by Haas/Kane) at: http://math-cs.cns.uni.edu/~okane/cgi-bin/newpres/papers/tex/ I hope this helps a little bit to make WP step by step the one and only invincable encyclopedia (more as it is already, great compliments to all the programmers - hope to join soon...). Cheers, Mark -----Ursprungliche Nachricht----- Von: wikitech-l-bounces(a)Wikipedia.org [mailto:wikitech-l-bounces@Wikipedia.org]Im Auftrag von Tomasz Wegrzanowski Gesendet: Mittwoch, 10. Dezember 2003 18:14 An: Wikimedia developers Betreff: Re: [Wikitech-l] WikiTeX On Wed, Dec 10, 2003 at 05:37:42PM -0100, Peter Danenberg wrote: What about this: <rend class="math"> \input /etc/passwd </rend> \input-ting most stuff doesn't work, probably because of TeX-special characters in them, but there are the catcode tricks to go around this problem. I think that knowing structure of the server, or just guessing hard enough, it would be possible to get all files owned by apache, including those that contain passwords to the database. It's also quite likely that there are some ways to takeover the LaTeX process somehow. If all these efforts fail, there's still good ol' DOS attack. It should be quite easy to create input that require exponential effort from TeX, and use a couple of them to destroy the server. The moral: in the end you'll need a whitelist of allowed commands. _______________________________________________ Wikitech-l mailing list Wikitech-l(a)Wikipedia.org http://mail.wikipedia.org/mailman/listinfo/wikitech-l

Peter- I would prefer to have the tags called <math>, <music>, <chess>, <chem>, <greek> etc. The basic idea of wiki is to make everything fast and easy to learn. Why should people have to type <rend class="music"> when they could just type <music>? Using the above scheme would also eliminate the need for converting existing <math> tags, but that's a minor advantage. Regards, Erik

Peter- Just make a <mathml> tag if that ever becomes an issue (about 2010 when MathML gets mainstream support). I don't get this one. And I don't think <rend class="math" value="x+y=z"/> is prettier. Regards, Erik

Peter Danenberg wrote: I'm pretty sure that I was talking about how texvc ''rendered'' that input. Anyway, <math> is much less ugly than <rend class="math">, right? ^_^ -- Toby

Timwi- If people want to learn HTML, they can go to [[HTML]]. XML-like constructs in our syntax do not preclude them from doing so. I don't see how this is more wiki-like. Most wiki tags are only valid in a paragraph or line context - that's why they don't need a clear ending demarcation. When dealing with content that may span several pages, it's nice to have a clear ending marker, and the added redundancy is not just machine- but also human friendly. We also have <pre>, <nowiki> etc. It also saves us lots of escaping should the not too uncommon character "]" ever occur inside one of these constructs. Regards, Erik

On Sat, Dec 13, 2003 at 12:56:12AM +0000, Timwi wrote: Wiki <pre> != HTML <pre> <wiki-pre> = <html-pre><nowiki>

On Fri, Dec 12, 2003 at 05:30:56PM -0800, Brion Vibber wrote: That's precisely why I decided to go <rend class=math>, etc., and pre-empt once and for all compatibility problems. Best, Peter

On Mon, Dec 15, 2003 at 07:34:16PM -0100, Peter Danenberg wrote: Please, let's use <music></music>, `[' has too many meanings already.

Timwi- It is XML syntax. Making the entire wikisyntax XML is of course unwiki. But in the case of multi paragraph constructs, it's useful and intuitive. Given that there is unlikely to be support for your proposed syntax, you'll either have to come up with a better one or tolerate this one, which extends the current <math> syntax. Regards, Erik

Is it a serious consideration that none of the examples are intuitive; or is that more than made up for by the de-anglicization? Peter

Timwi- Indeed. They are Perl coder centric. Is it a coincidence that you are one? :-) Regards, Erik (Perl coder)

On Mon, Dec 15, 2003 at 08:27:21PM +0000, Timwi wrote: `<' has only one use - starting/closing named tags. And adding more tags is consistent with it. It's also trivial to parse. Why are you opposed to using '<' this way ? I'm personally rather strongly in favour, so I wonder what are your reasons. Is it because you think people may confuse Wiki markup with XML (I don't think such confusion is likely to happen), or because you don't like <foo></foo> tags in general ?

Tomasz Wegrzanowski wrote: Those tags, however, have many meanings. Some are "real" HTML (like <table>, which fortunately we managed to introduce a Wiki syntax for), some are "mixed" (like <pre>) and some are "bogus" (like <math>). '<' has additionally the meaning of &lt;. I've pretty much laid out my reasons already ((1) "math" is anglocentric, (2) Wiki markup and XML should not be confused, and (3) {{{ blah }}} is always easier to type than <math> blah </math>, and not any more difficult to parse)... ... but I think I've made more of a fuss of it than I really intended. I don't actually care as much as I'm making it sound in this thread. Since there hasn't been any noticeable support of my proposal, I guess I'll retreat now. Timwi

Tomasz Wegrzanowski wrote: That moral does not follow. (If it did, sites like Planetmath.org and arXiv.org would be in trouble!) \input should simply be forbidden, like \write , \include , and, well, just about any command that reads files liberally. There are only a few of these, and we can check with the above sites if we want to make extra certain that we have not missed any. As for exponential computing effort, most TeX installations normally stop working after a small memory limit has been reached. Again, we can check with the above sites if we want to check that this is really enough. I don't mean to say that Peter, or his helpers, don't have the onus to check carefully and report to the list why they are sure that they have removed /all/ bad commands. But the blacklist is finite. The moral: when Donald E. Knuth writes a program instead of Microsoft, then it is not riddled with security flaws. ^_^ -- Toby

Tomasz Wegrzanowski wrote: Do you mean N individual requests to TeX something? Sure, that's a DoS attack, but how is texvc safe from that? How is the regular wiki parser safe from that, for that matter? None of the many modules for TeX is capable of introducing new I/O commands. So you check each relevant module for its use of these commands. Then DoS PlanetMath or arXiv and see how well you do. I mean, state specifically, if it is possible, what you would do. You never explained this the last time we had this conversation, to me or anybody else. -- Toby

Tomasz Wegrzanowski wrote: My local TeX installation has no problem with this, but if I go on to use \newcommand{\e} and make one more step, then it stops with this error: ! TeX capacity exceeded, sorry [main memory size=1000001]. Naturally, TeX is designed this way on purpose! This is /why/ it does not overload the server, because it has artificially limited memory capacity. By messing with our local TeX installation, we can set this limiting capacity to whatever we want, in order to ensure that TeX uses up only so much of our computing power. It's not much of a trick. It's certainly not a DoS attack; all that happens is that TeX stops running and the input is not rendered. This is basically the same thing that happens when texvc gets <math> \SomeCommandThatDoesNotExist </math>; the program exits with an error. Now, maybe wikitex doesn't handle this error properly! If wikitex crashes the server (to speak in hyperbole) when it gets an input that it can't properly compile, then that is bad. But if it instead prints "! TeX capacity exceeded, sorry [main memory size=1000001].", then it handles errors about as well as texvc does. (In fact, the prototype at <http://69.44.153.14/wikitex.php> prints nothing at all, which is a user-friendliness problem, but hardly a security flaw.) First, we don't have to check every module in any TeX distribution; we only have to check those modules that we choose to allow. If we don't have the module installed, then they can't use it! By itself, TeX has a few file I/O commands like \input and \write ; no module has file I/O commands that don't work by calling these. LaTeX has had a great deal of tasting, and its commands should be trusted, so this gives us several additional file I/O commands to look for. Yet most modules never use any of these! We can refuse to install those that use file I/O commands that we haven't checked thoroughly. Peter should assure us that he has gone through, say, the chess module and checked that it doesn't use any file I/O commands other than, say, \wlog (which writes to the log and cannot access any other file). Otherwise I would not trust the module in question. Actually, I think that this is a perfectly reasonable security doublecheck. I don't think that we have any need for the kind of TeX programming that defines new commands; if we disable \renewcommand as well as \input , then I don't think that anything that Axel or I want to do with TeX is lost. If this changes later on, then we can revisit the issue when that happens, because in the end, I don't think that it is really necessary; but until then, it should be reasonable to satisfy you in this way. Do you see any problem with this, Peter? What if Tomasz submits a patch that does this? BTW to Peter: I see that <rend class="math"> simply puts us inside LaTeX. I think that it ought to put us directly inside the {equation*} environment. Users don't want to have to type \begin{equation*} and \end{equation*}. -- Toby

None yet; takers? If you have the time or inclination, Toby; maybe we can get in touch with PlanetMath as regards their security model. Best, Peter