[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: forwarded message from Jeff Licquia

On Wed, Jul 17, 2002 at 11:35:02AM +0200, Martin Schröder wrote:
> On 2002-07-17 00:44:21 -0400, Simon Law wrote:
> > 	I can imagine latex.ltx containing a couple extra
> > \openin15=.ssh/identity , \openin15=.gnupg/secring.gpg and
> > \openout15=.shrc commands[2] as put there by someone who has cracked an
> 
> This is not possible on a default TeX installation.

Hmm, so dot-files are protected, but other files are not.  That still
leaves potential security holes.  I wouldn't want to have my
~/Mail/debian-devel folder overwritten just because I process a
document I receive, for example.

Also, there is the possibility of *reading* files that it shouldn't,
and embedding them in the output somehow.  This might cause me to
unknowingly publish a document that has my secret keys hidden in it.

Richard Braakman


-- 
To UNSUBSCRIBE, email to debian-legal-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: