On Fri, Feb 06, 2004 at 03:07:34PM +0100, Christian Ridderström wrote:
> Now to my question. I'm guessing that letting arbitrary latex code be
> executed using this mechanism is a *huge* security problem.
> (Well, assuming that the hacker also knows his latex).

TeX has only very limited abilities to interact with your file system.

> Can I filter the latex-code somehow to make it safe enough, i.e. so safe
> that we feel it can be left running on wiki.lyx.org?

No.

On second thoughts, eliminating \def, \newcommand, \renewcommand,
\providecommand, \catcode, \let, \write, \read and maybe a few more might
severely cripple any possible malicious interaction...

Andre'
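
The filtering idea from this message, as an added example that is not code from the thread or from LyX: it tokenises TeX control sequences and reports every use of the ones listed above. Also rejecting `\csname`, `\endcsname` and `^^` is an assumption added here, because a scan that matches names cannot see through them; `find_denied`, `is_safe` and `SAMPLE` are hypothetical names.

```python
import re

# Control sequences named in the message above as candidates for removal.
DENIED = {"def", "newcommand", "renewcommand", "providecommand",
          "catcode", "let", "write", "read"}
# Assumption (not from the message): constructs that build or disguise
# control-sequence names, so a name-based scan cannot see through them.
OPAQUE = {"csname", "endcsname"}

# A control word is a backslash followed by letters; a control symbol is a
# backslash followed by one non-letter. '@' is counted as a letter because
# package code treats it as one. Matching whole tokens means \define is not
# mistaken for \def, and "\\def" (line break, then text) is not flagged.
TOKEN = re.compile(r"\\([A-Za-z@]+|.)")


def find_denied(src: str) -> list[tuple[int, str]]:
    """Return (line_number, construct) for every denied use in src.

    Comments are deliberately not stripped: flagging commented-out text is
    the conservative choice for a filter in front of a public service.
    """
    hits = []
    for lineno, line in enumerate(src.splitlines(), start=1):
        if "^^" in line:  # character-code notation hides names from the scan
            hits.append((lineno, "^^"))
        for match in TOKEN.finditer(line):
            name = match.group(1)
            if name in DENIED or name in OPAQUE:
                hits.append((lineno, "\\" + name))
    return hits


def is_safe(src: str) -> bool:
    """True only when no denied construct appears anywhere in src."""
    return not find_denied(src)


# Constructed sample input, not taken from the thread.
SAMPLE = r"""\section{Intro} $\frac{a}{b}$ \\
\define a term, then \letter
\newcommand{\x}{y}
\immediate\write\myfile{text}
\csname def\endcsname
"""

if __name__ == "__main__":
    for lineno, construct in find_denied(SAMPLE):
        print(f"line {lineno}: {construct} is not allowed")
```

A denylist like this narrows what reaches TeX but does not make the input trusted, so running TeX with shell escape disabled and restricted file access is still needed.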