Re: forwarded message from Jeff Licquia
On Wed, Jul 17, 2002 at 11:35:02AM +0200, Martin Schröder wrote:
> On 2002-07-17 00:44:21 -0400, Simon Law wrote:
> > I can imagine latex.ltx containing a couple extra
> > \openin15=.ssh/identity , \openin15=.gnupg/secring.gpg and
> > \openout15=.shrc commands[2] as put there by someone who has cracked an
>
> This is not possible on a default TeX installation.
Hmm, so dot-files are protected, but other files are not. That still
leaves potential security holes. I wouldn't want to have my
~/Mail/debian-devel folder overwritten just because I process a
document I receive, for example.
Also, there is the possibility of *reading* files that it shouldn't,
and embedding them in the output somehow. This might cause me to
unknowingly publish a document that has my secret keys hidden in it.
Richard Braakman
--
To UNSUBSCRIBE, email to debian-legal-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: