Bug#51586: Please Reopen 51586 ("secure" mode in dvips should be the default)
> > It means that if I send someone a DVI file, and they view it with xdvi
> > it looks ok (because xdvi ignores most \specials) but if I have a
> > \special that says "rm -rf $HOME", and they go to print it, kaboom.
Then I tried to make a patch. It is easy to make '-R' the default,
but I think it needs a bit more.
- The '-R' option is already used by magicfilter, and perhaps there are
some who set this personally, so the '-R' option should be retained as
it is now.
- So there must be a new option which enables the feature that dvips
can execute shell commands through \special.
I added the '-I' option (I mean 'I'nsecure mode).
- The documents should reflect these changes.
I would like to hear any comments or suggestions.
Thanks in advance, 2000.5.22
--
Debian JP Developer - much more I18N of Debian
Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
Department of Math., Tokushima Univ.
--- tetex-bin-1.0.6.orig/texk/dvipsk/dvips.1
+++ tetex-bin-1.0.6/texk/dvipsk/dvips.1
@@ -174,6 +174,17 @@
before running out of steam; these options can be used to automatically
split a book into ten-page sections, each to its own file.
.TP
+.B -I
+Run in insecure mode. This means that ``backtick'' commands from a
+.I \\\special{}
+or
+.I \epsffile{}
+macro in the (La)TeX source like
+.I \\\special{psfile="`zcat foo.ps.Z"}
+or
+.I \epsffile[72 72 540 720]{"`zcat screendump.ps.gz"}
+are executed.
+.TP
.B -k
Print crop marks. This option increases the paper size (which should be
specified, either with a paper size special or with the
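Review bot: the new -I entry in the man page describes only backtick commands in \special and \epsffile, while the texinfo text in this same patch also lists config-file `E` commands, pipes as output files and opening of absolute filenames; the man page should enumerate the same set so a reader knows everything -I unlocks. It should also say that secure mode is now the default and that -R is kept for compatibility, with a cross-reference to the -R entry.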
--- tetex-bin-1.0.6.orig/texk/dvipsk/dvips.c
+++ tetex-bin-1.0.6/texk/dvipsk/dvips.c
@@ -64,7 +64,7 @@
Boolean cropmarks ; /* add cropmarks? */
Boolean abspage = 0 ; /* are page numbers absolute? */
Boolean tryepsf = 0 ; /* should we try to make it espf? */
-Boolean secure = 0 ; /* make safe for suid */
+Boolean secure = 1 ; /* make safe for suid */
int collatedcopies = 1 ; /* how many collated copies? */
int sectioncopies = 1 ; /* how many times to repeat each section? */
integer pagecopies = 1 ; /* how many times to repeat each page? */
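Review bot: with the default flipped to `secure = 1`, the comment `/* make safe for suid */` no longer describes when the variable is set; reword it to say that secure mode is the default and is only cleared by -I. Worth confirming that whatever code previously forced `secure = 1` for the setuid case, and the -R branch (not in this hunk), still do so unconditionally, so that -I cannot re-enable shell escapes when the command line is assembled by a print filter such as magicfilter.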
@@ -267,7 +267,7 @@
" G* Shift low chars to higher pos. ",
#endif
"h f Add header file ",
-"i* Separate file per section ",
+"i* Separate file per section I Run insecurely ",
"j* Download fonts partially ",
"k* Print crop marks K* Pull comments from inclusions ",
"l # Last page ",
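Review bot: `I Run insecurely` tells the user nothing about what is being enabled; `I Allow shell commands in \special` (or similar) would make the risk visible in the usage output. Also check that the right-hand column lines up with `K* Pull comments from inclusions` on the following line, since this two-column usage text is aligned with spaces and the alignment cannot be verified from the patch as quoted here.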
@@ -732,6 +732,9 @@
if (sepfiles && maxsecsize == 0) {
maxsecsize = 1; /* default section size to one page/file */
}
+ break ;
+case 'I':
+ secure = 0 ;
break ;
case 'j':
partialdownload = (*p != '0') ;
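Review bot: `case 'I': secure = 0 ;` honours -I regardless of who is running dvips, so a setuid install, or a print filter whose arguments a document author can influence (the mail notes magicfilter already passes -R), would let insecure mode be switched back on. Suggest refusing or silently ignoring -I when the effective uid differs from the real uid, and making sure the -R branch (outside this hunk) still sets `secure = 1` so that a later -R overrides an earlier -I. A short comment on the case, e.g. `/* -I: enable shell escapes in \special; off by default */`, would also help since every other option here is self-describing.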
--- tetex-bin-1.0.6.orig/texk/dvipsk/dvips.help
+++ tetex-bin-1.0.6/texk/dvipsk/dvips.help
@@ -8,7 +8,7 @@
e # Maxdrift value E* Create minimal EPSF
f* Run as filter F* Send control-D at end
h f Add header file f H f Same as h
-i* Separate file per section
+i* Separate file per section I Run insecurely
j* Partially download Type 1's
k* Print crop marks K* Pull comments from inclusions
l # Last page
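Review bot: this line duplicates the usage string changed in dvips.c above and the two copies must stay identical, so whatever wording is chosen for the -I column (ideally something more descriptive than `Run insecurely`) should be applied in both files at once.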
--- tetex-bin-1.0.6.orig/texk/dvipsk/dvips.texi
+++ tetex-bin-1.0.6/texk/dvipsk/dvips.texi
@@ -802,6 +802,17 @@
before running out of steam; these options can be used to automatically
split a book into ten-page sections, each to its own file.
+@item -I
+@opindex -I
+@cindex security
+@cindex shell command execution, enabling
+@cindex absolute filenames, enabling
+@cindex pipes, enabling output to
+Run insecurely. This enables shell command execution in @code{\special}
+(via @samp{`}, @pxref{Dynamic creation of graphics}) and config files
+(via the @samp{E} option, @pxref{Configuration file commands}), pipes as
+output files, and opening of any absolute filenames.
+
@item -j*
@opindex -j @r{for partial font downloading}
Download only needed characters from Type 1 fonts. This is the
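Review bot: the @item -I entry is the most complete description of what insecure mode enables, but the existing @item -R entry (outside this hunk) presumably still presents -R as the way to turn secure mode on; it should now say that secure mode is the default and that -R is accepted for compatibility. The man page hunk in this patch should carry the same list of enabled behaviours as this paragraph so the two documents do not disagree.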