Re: Hypothetical LaTeX security holes (was: forwarded message from Jeff Licquia)
> A related attack might be possible. For example,
> \openout=~/.ssh/authorized-keys
sigh, every time I look at the archives of this list to see what's been
happening I see more misinformation.
As has been stated 1001 times whether or not LaTeX has access to the
filesystem is not under the control of LaTeX. By default it can't write
there (access to files beginning with dot and files not in a directory
below the input document are (separately) controllable) in the web2c file
handling code. If a latex document causes such files to be written when
tex has been set up not to allow that, then that can not possibly be a
bug in latex. Latex has no native access to any external resource.
All the file handling code in web2c tex is GPL.
My texmf.cnf says:
% Allow TeX \openout/\openin on filenames starting with `.' (e.g., .rhosts)?
% a (any) : any file can be opened.
% r (restricted) : disallow opening "dotfiles".
% p (paranoid) : as 'r' and disallow going to parent directories, and
% restrict absolute paths to be under $TEXMFOUTPUT.
openout_any = p
Note I'm paranoid about \openout.
If Debian is distributing texmf.cnf with openout_any = a which would
allow your example above then a) it shouldn't and b) you shouldn't blame
the latex maintainers.
David
_____________________________________________________________________
This message has been checked for all known viruses by Star Internet
delivered through the MessageLabs Virus Scanning Service. For further
information visit http://www.star.net.uk/stats.asp or alternatively call
Star Internet for details on the Virus Scanning Service.
--
To UNSUBSCRIBE, email to debian-legal-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: