Martin Braure de Calignon wrote:
> Quoting tex2im code:
> ############
> (...)
> latex -interaction=batchmode out.tex > /dev/null
> cd "$homedir"
> dvips -o $tmpdir/out.eps -E $tmpdir/out.dvi 2> /dev/null
> (...)
> convert +adjoin -antialias -transparent $color1 -density $resolution
> $tmpdir/out.eps $tmpdir/out.$format
> (...)
> #########
> So they directly use latex.
This looks like a Bad Idea(tm):
[EMAIL PROTECTED]:latex-test$ cat out.tex
\documentclass{letter}
\begin{document}
\input{/etc/passwd}
\end{document}
$ latex -interaction=batchmode out.tex > /dev/null
$ dvips -o out.eps -E out.dvi 2> /dev/null
$ convert +adjoin -antialias out.eps out.png
$ see out.png
And yes, the contents of /etc/passwd pop up on screen. Given this isn't
too big a deal, but TeX can write files too, and would have permission
to change any file the user does.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
