Bug#316154: [tex-live] Re: Bug#316154: texmf.cfg: Close possible security problem
On 21.08.05 Karl Berry (firstname.lastname@example.org) wrote:
> % The default settings are not secure when you process LaTeX files of
> % possibly doubtful origin. In this case, set openin_any = p.
> I'm not too excited about putting such a vague and alarmist message
> into texmf.cnf. I have no objection to putting in something more
I'll think about that and try to rephrase that.
> What's the scenario where this is a problem again? If we're talking
> about some hypothetical web interface which allows generic
> uploading/running tex/displaying back, that's not a good idea for
> lots of other reasons, too.
Well, the submitter spoke about some mal code sent to somebody, who
calls it and the LaTeX file does something really bad. I don't know
how realistic that scenario is. Well, normally I don't read very long
documnents before processing them....
> > I've no clue if that will really help many people,
> I agree with you that 99% of users (at least) will never see a note in
> texmf.cnf, but we could write a couple of sentences in the
> documentation, if we can come up with something useful to say (even if
> just to point to when this question arises in the future).
Agreed. Where can I find the docs for texmf.cnf?