[Wikipedia-l] Security of evaluating arbitrary TeX code
Axel Boldt
axel at uni-paderborn.de
Sat Nov 10 16:36:57 UTC 2001
The mathwiki code I mentioned does not take ane precautions when
evaluation TeX code, and that is indeed a security hole.
I asked around on usenet
(http://groups.google.com/groups?threadm=d55ab765.0111091929.1e4b9af4%40posting.google.com&rnum=1)
and found out that TeX can write to arbitrary files and can also
execute shell scripts, but fortunately, both of those features can be
switched off, at least in the tetex distribution which is the standard
on Linux/Unix.
Axel
More information about the Wikipedia-l
mailing list