[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: forwarded message from Jeff Licquia

On 2002-07-17 10:23:56 -0500, Jeff Licquia wrote:
> On Wed, 2002-07-17 at 04:35, Martin Schröder wrote:
> > On 2002-07-17 00:44:21 -0400, Simon Law wrote:
> > > 	I can imagine latex.ltx containing a couple extra
> > > \openin15=.ssh/identity , \openin15=.gnupg/secring.gpg and
> > > \openout15=.shrc commands[2] as put there by someone who has cracked an
> > 
> > This is not possible on a default TeX installation.
> [quotes about security protections removed]
> So you agree that LaTeX can be the source of a security hole.  Having


The default installation of teTeX makes it extremly difficult (if
not impossible) to open any security holes. If you are really
concerned about security in TeX, you could and should enhance the
web2c TeX distribution, not LaTeX.

Best regards

P.S.: Your fear of security holes in LaTeX borders on either
      ludicrious or paranoid (seen from 25 years of TeX history);
      it is at best very hypothecial.
P.P.S.: The same potential "security problems" are relevant to
        plain.tex, which everyone except Donald Knuth is
        forbidden to change. Are you going to stop distributing
               Martin Schröder, MS@ArtCom-GmbH.DE
          ArtCom GmbH, Grazer Straße 8, D-28359 Bremen
          Voice +49 421 20419-44 / Fax +49 421 20419-10

To UNSUBSCRIBE, email to debian-legal-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: