Re: Bug#311997: ITP: gaim-latex -- gaim plugin wich translate LaTeX code into image in conversation

To: debian-devel@lists.debian.org
Subject: Re: Bug#311997: ITP: gaim-latex -- gaim plugin wich translate LaTeX code into image in conversation
From: Martin Braure de Calignon <braurede@free.fr>
Date: Tue, 07 Jun 2005 10:03:38 +0200
Message-id: <[🔎] 1118131418.10472.13.camel@localhost>
In-reply-to: <[🔎] 42A5103D.5070604@ffsa.be>
References: <[🔎] 42A5103D.5070604@ffsa.be>

Le mardi 07 juin 2005 à 05:10 +0200, Nicolas Schoonbroodt a écrit :

MMmmm these are good news :-),
> If you can tell me where you find the tex2im depandancy (README,
> INSTALL, ...) It can help me for remove it in the next version.
Well, I've just looked into your files.
I can now said that I've made a mistake. You're plugin seems to doesn't
use tex2im now.
But I know what makes me missunderstand :
in README file :
"README:This is a plugin for Gaim [1] that allows you to display LaTeX
[2] output into your IMs. This plugin needs the tex2im tool [3]."

> 
> Now, about the security problem...
(...)
> I have blacklisted the same command than kopetetex, that is :
> > #define NB_BLACKLIST (42)
> > #define BLACKLIST {"\\def","\\let","\\futurelet","\\newcommand","\\renewcomment","\\else","\\fi","\\write","\\input","\\include","\\chardef","\\catcode","\\makeatletter","\\noexpand","\\toksdef","\\every","\\errhelp","\\errorstopmode","\\scrollmode","\\nonstopmode","\\batchmode","\\read","\\csname","\\newhelp","\\relax","\\afterground","\\afterassignment","\\expandafter","\\noexpand","\\special","\\command","\\loop","\\repeat","\\toks","\\output","\\line","\\mathcode","\\name","\\item","\\section","\\mbox","\\DeclareRobustCommand"}
> 
Great :-)
Why not define a WHITELIST instead of a BLACKLIST ? isn't it more
secured ?
> So (in normal case) all of this command will not be "authorised"
> (in fact, if you send a message like :
> normal text \input in normal text $$equation$$ normal text $$equation $$
> (or with the blacklisted command in the $$equation part$$) the message
> _will not_ be transform using latex compiler. (with the is_blacklisted
> function)
Ok thanks
> 
> If some other command have to be blacklisted, I hear you.

Well, I don't know LaTeX enough to gives you more commands (if there's
any)
> 
> If you have any suggestion with security problem (for example error in
> my code, or latex hack to "eviter" (french word, don't know in English)
avoid no ? ;-) but I'm french too so it's not a problem for me to
understand
> this security), you can continue the discussion here, I will read it.
> 
> Also other bug can be posted on sourceforge, for example.
Ok, I think we can know close my bug report on sourceforge no ?

> 
> Nicolas Schoonbroodt
Thank you very much for your help,
I hope I will be able to package it in Debian

--
Martin Braure de Calignon
(error3)

Reply to:

References:
- Re: Bug#311997: ITP: gaim-latex -- gaim plugin wich translate LaTeX code into image in conversation
  - From: Nicolas Schoonbroodt <nicolas@ffsa.be>

Prev by Date: Re: And now for something completely different... etch!
Next by Date: Re: Bug#312269: ITP: emile -- Early Mac Image LoadEr, a bootloader for m68k macs
Previous by thread: Re: Bug#311997: ITP: gaim-latex -- gaim plugin wich translate LaTeX code into image in conversation
Next by thread: Re: Bug#311997: ITP: gaim-latex -- gaim plugin wich translate LaTeX code into image in conversation
Index(es):
- Date
- Thread