LATEX-L Archives

Mailing list for the LaTeX3 project

LATEX-L@LISTSERV.UNI-HEIDELBERG.DE

Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Martin Schröder <[log in to unmask]>
Reply To:
Mailing list for the LaTeX3 project <[log in to unmask]>
Date:
Wed, 17 Jul 2002 17:34:19 +0200
Content-Type:
text/plain
Parts/Attachments:
text/plain (35 lines)
On 2002-07-17 10:23:56 -0500, Jeff Licquia wrote:
> On Wed, 2002-07-17 at 04:35, Martin Schröder wrote:
> > On 2002-07-17 00:44:21 -0400, Simon Law wrote:
> > >   I can imagine latex.ltx containing a couple extra
> > > \openin15=.ssh/identity , \openin15=.gnupg/secring.gpg and
> > > \openout15=.shrc commands[2] as put there by someone who has cracked an
> >
> > This is not possible on a default TeX installation.
>
> [quotes about security protections removed]
>
> So you agree that LaTeX can be the source of a security hole.  Having

No.

The default installation of teTeX makes it extremly difficult (if
not impossible) to open any security holes. If you are really
concerned about security in TeX, you could and should enhance the
web2c TeX distribution, not LaTeX.

Best regards
        Martin

P.S.: Your fear of security holes in LaTeX borders on either
      ludicrious or paranoid (seen from 25 years of TeX history);
      it is at best very hypothecial.
P.P.S.: The same potential "security problems" are relevant to
        plain.tex, which everyone except Donald Knuth is
        forbidden to change. Are you going to stop distributing
        that?
--
               Martin Schröder, [log in to unmask]
          ArtCom GmbH, Grazer Straße 8, D-28359 Bremen
          Voice +49 421 20419-44 / Fax +49 421 20419-10

ATOM RSS1 RSS2