Re: Bug#311997: ITP: gaim-latex -- gaim plugin wich translate LaTeX code into image in conversation

On Tue, Jun 07, 2005 at 05:19:40PM +0200, Martin Braure de Calignon wrote:
> > I have blacklisted the same command than kopetetex, that is :
> > > #define NB_BLACKLIST (42)
> > > #define BLACKLIST {"\\def","\\let","\\futurelet","\\newcommand","\\renewcomment","\\else","\\fi","\\write","\\input","\\include","\\chardef","\\catcode","\\makeatletter","\\noexpand","\\toksdef","\\every","\\errhelp","\\errorstopmode","\\scrollmode","\\nonstopmode","\\batchmode","\\read","\\csname","\\newhelp","\\relax","\\afterground","\\afterassignment","\\expandafter","\\noexpand","\\special","\\command","\\loop","\\repeat","\\toks","\\output","\\line","\\mathcode","\\name","\\item","\\section","\\mbox","\\DeclareRobustCommand"}
> >
> > So (in normal case) all of this command will not be "authorised"
> > (in fact, if you send a message like :
> > normal text \input in normal text $$equation$$ normal text $$equation$$
> > (or with the blacklisted command in the $$equation part$$) the message
> > _will not_ be transform using latex compiler. (with the is_blacklisted
> > function)
> >
> > If some other command have to be blacklisted, I hear you.
>
> Considering Nicolas Schoonbroodt (upstream author) 's mail,
> do you think I can package it and ask for someone to upload it (on
> mentors of course) ? Or do you think there is still security problem in
> his software ?
> I've read the sources, there is, as Nicolas said, a blacklist of command
> that can't be use.
> I send him a bug because there's a typo (\\renewcomment instead of \
> \renewcommand).

When I spoke of security nightmare, this was exactly what I had in mind.
You will never find a blacklist of command that prevent abuse, and the
current certainly does not. For example \usepackage and \documentclass
are not blacklisted so the attacker can load add-on packages that can

I could not make sense of the criterium used for blacklisting,
e.g. why blacklisting \mbox ? Why blacklisting \section but not
\subsection ? why blacklisting \newcommand but not \newenvironment ?

You can try the whitelist approach, but LaTeX was not written with this
security requirement in mind so this is still potentially unsafe.

Cheers,
--
Bill. <ballombe@debian.org>

Imagine a large red swirl here.