Bug#316154: texmf.cfg: Close possible security problem
On 29.06.05 Hans Hagen (pragma@wxs.nl) wrote:
> Frank Küster wrote:
Dear Thomas, dear TeXLive people,
> >in Debian bug report we have been asked to change the setting of
> >openin_any in texmf.cnf:
> >
> >Joachim Breitner <nomeata@debian.org> wrote:
> >
> >
> >>the shipped /etc/texmf/texmf.cfg has the following lines:
> >>
> >>openout_any = p
> >>openin_any = a
> >>
We've discussed with the submitter. We've got to the conclusion, that
changing the settings is not really necessary by default. He instead
suggested to leave a note above the line documenting that it *might*
be dangerous and how to change it, for example:
% The default settings are not secure when you process LaTeX files of
% possibly doubtful origin. In this case, set openin_any = p.
I've no clue if that will really help many people, however you could
consider to modify the texmf.cnf in that way.
Regards,
Hilmar
--
sigmentation fault
Reply to: