Martin Schröder <[EMAIL PROTECTED]> wrote > On 2002-07-17 00:44:21 -0400, Simon Law wrote: >> I can imagine latex.ltx containing a couple extra >> \openin15=.ssh/identity , \openin15=.gnupg/secring.gpg and >> \openout15=.shrc commands[2] as put there by someone who has cracked >> an > > This is not possible on a default TeX installation. (snip valid reasons)
A related attack might be possible. For example, \openout=~/.ssh/authorized-keys Or a steganography attack that hides ~/.ssh/secring.gpg in the resultant .dvi file. And to move this back to a more debian-focused discussion, let's imagine that similar code is wrapped with (I'm not much of a TeX user) if fileexists(/etc/debian_version) then %do the exploit code According to the LPPL (as I read it), Debian does not have the right to change latex.ltx without renaming it (latex.ltx? or the whole program?), and the LaTeX maintainers may have little interest in fixing an "obscure bug" that only affects a small set of users. --Joe -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
