
Re: Hypothetical LaTeX security holes (was: forwarded message from Jeff Licquia)



Martin Schröder <ms@artcom-gmbh.de> wrote
> On 2002-07-17 00:44:21 -0400, Simon Law wrote:
>> 	I can imagine latex.ltx containing a couple extra
>> \openin15=.ssh/identity , \openin15=.gnupg/secring.gpg and
>> \openout15=.shrc commands[2] as put there by someone who has cracked an
> 
> This is not possible on a default TeX installation.
(snip valid reasons)

A related attack might be possible.  For example,
\openout=~/.ssh/authorized-keys

Or a steganography attack that hides ~/.ssh/secring.gpg in the resultant
.dvi file.

And to move this back to a more debian-focused discussion, let's imagine
that similar code is wrapped with (I'm not much of a TeX user)
if fileexists(/etc/debian_version) then
  %do the exploit code

According to the LPPL (as I read it), Debian does not have the right to
change latex.ltx without renaming it (latex.ltx? or the whole program?), and
the LaTeX maintainers may have little interest in fixing an "obscure bug"
that only affects a small set of users.

--Joe
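
The file-access primitives named in this thread can be audited statically before a format or package file is trusted. The following is an added example, not part of the original message or of any TeX distribution: a small Python scanner that flags `\openin`/`\openout` targets pointing at dotfiles, home directories, absolute paths or parent directories. The function names, the risk categories and the sample input are assumptions constructed for illustration.

```python
import re

# \openin or \openout, an optional stream (number or control sequence),
# an optional "=", then a literal file name. Names built from macros
# (e.g. \jobname.toc) cannot be resolved statically and are skipped.
OPEN_RE = re.compile(
    r'\\(openin|openout)(?![A-Za-z@])\s*(\d+|\\[A-Za-z@]+)?\s*=?\s*([^\s\\%]+)')

def classify(target):
    """Return the reasons a literal file target looks risky (empty if none)."""
    parts = target.split('/')
    reasons = []
    if target.startswith('/'):
        reasons.append('absolute path')
    if target.startswith('~'):
        reasons.append('home directory')
    if '..' in parts:
        reasons.append('parent traversal')
    if any(p.startswith('.') and p not in ('.', '..') for p in parts):
        reasons.append('dotfile')
    return reasons

def scan(source):
    """Return (line number, primitive, target, reasons) for each risky open."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = re.split(r'(?<!\\)%', line, maxsplit=1)[0]  # drop TeX comments
        for m in OPEN_RE.finditer(code):
            reasons = classify(m.group(3))
            if reasons:
                findings.append((lineno, m.group(1), m.group(3), reasons))
    return findings

# Constructed sample: the targets quoted in this thread mixed with benign uses.
SAMPLE = r"""
\newwrite\tf@toc
\immediate\openout\tf@toc=\jobname.toc
\openin15=.ssh/identity
\openout15=.shrc
\openout=~/.ssh/authorized-keys
% \openout15=.profile  (commented out, ignored)
\openin15=chapter1.tex
"""

if __name__ == '__main__':
    for lineno, prim, target, reasons in scan(SAMPLE):
        print(f"line {lineno}: \\{prim} -> {target} ({', '.join(reasons)})")
```

A clean result only covers literal file names; targets assembled from macros at run time still need the engine's own file-access restrictions.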

