Bug#316154: texmf.cfg: Close possible security problem

[Hilmar Preusse <hille42@web.de>]

severity 316154 wishlist
stop

On 13.08.05 Joachim Breitner (nomeata@debian.org) wrote:
> Am Samstag, den 13.08.2005, 10:56 +0200 schrieb Hilmar Preusse:

Hi,

> > Well, calling any unchecked code with Admin permissions is insecure.
> > Joachim, based on this statement, do you agree that this is not
> > really a bug, but rather wishlist or can even be closed? Anybody
> > needing more security than the normal texmf.cnf provides can change
> > that file himself.
> 
> I guess this can be closed then. Maybe adding a comment above that
> config file line would be nice, saying maybe:
> // These settings are not secure when you process LaTeX files of
> // possibly doubtful origin. In this case, set openin_any = p
> 
OK, we can add that. I dunno if there are many people outside, who
would find that helpful. I guess I should send the modified request
to upstream.
For the time being I lower the severity.

H.
-- 
sigmentation fault