LATEX-L Archives

Mailing list for the LaTeX3 project


Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Martin Schröder <[log in to unmask]>
Reply To:
Mailing list for the LaTeX3 project <[log in to unmask]>
Wed, 17 Jul 2002 17:34:19 +0200
text/plain (35 lines)
On 2002-07-17 10:23:56 -0500, Jeff Licquia wrote:
> On Wed, 2002-07-17 at 04:35, Martin Schröder wrote:
> > On 2002-07-17 00:44:21 -0400, Simon Law wrote:
> > >   I can imagine latex.ltx containing a couple extra
> > > \openin15=.ssh/identity , \openin15=.gnupg/secring.gpg and
> > > \openout15=.shrc commands[2] as put there by someone who has cracked an
> >
> > This is not possible on a default TeX installation.
> [quotes about security protections removed]
> So you agree that LaTeX can be the source of a security hole.  Having


The default installation of teTeX makes it extremly difficult (if
not impossible) to open any security holes. If you are really
concerned about security in TeX, you could and should enhance the
web2c TeX distribution, not LaTeX.

Best regards

P.S.: Your fear of security holes in LaTeX borders on either
      ludicrious or paranoid (seen from 25 years of TeX history);
      it is at best very hypothecial.
P.P.S.: The same potential "security problems" are relevant to
        plain.tex, which everyone except Donald Knuth is
        forbidden to change. Are you going to stop distributing
               Martin Schröder, [log in to unmask]
          ArtCom GmbH, Grazer Straße 8, D-28359 Bremen
          Voice +49 421 20419-44 / Fax +49 421 20419-10