On Tue, Dec 03, 2002 at 05:14:56PM -0800, Axel Boldt wrote:
--- Tomasz Wegrzanowski
<taw(a)users.sourceforge.net> wrote:
Open questions:
* How to put TeX in safe mode ?
In tetex's texmf.cnf
# Don't execute user's shell code:
shell_escape = f
# Don't openout "dot" files or files with absolute paths
openout_any = p
Many distributions use these settings by default.
Is it enough ?
Mine says:
% Allow TeX \openin, \openout, or \input on filenames starting with `.'
% (e.g., .rhosts) or outside the current tree (e.g., /etc/passwd)?
% a (any) : any file can be opened.
% r (restricted) : disallow opening "dotfiles".
% p (paranoid) : as 'r' and disallow going to parent directories, and
% restrict absolute paths to be under $TEXMFOUTPUT.
openout_any = p
openin_any = a
So it would be able to leak lot of informations if it broke restrictions
placed by texvc.
In addition, TeX and
the other tools should be run as some nobody user and chroot'ed.
I'm paranoid so it sounds like a good idea to me.
What do Wikipedia admins think about that ?