[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#311997: ITP: gaim-latex -- gaim plugin wich translate LaTeX code into image in conversation

Martin Braure de Calignon wrote:

> Quoting tex2im code:
> ############
> (...)
> latex -interaction=batchmode out.tex > /dev/null
> cd "$homedir"
> dvips -o $tmpdir/out.eps -E $tmpdir/out.dvi 2> /dev/null
> (...)
> convert +adjoin -antialias -transparent $color1 -density $resolution
> $tmpdir/out.eps $tmpdir/out.$format
> (...)
> #########
> So they directly use latex.

This looks like a Bad Idea(tm):

anthony@bohr:latex-test$ cat out.tex
\documentclass{letter}
\begin{document}
\input{/etc/passwd}
\end{document}

$ latex -interaction=batchmode out.tex > /dev/null
$ dvips -o out.eps -E out.dvi 2> /dev/null
$ convert +adjoin -antialias out.eps out.png
$ see out.png

And yes, the contents of /etc/passwd pop up on screen. Given this isn't
too big a deal, but TeX can write files too, and would have permission
to change any file the user does.
Reply to: