Re: Hypothetical LaTeX security holes (was: forwarded message from Jeff Licquia)

2002-07-19 Thread David Carlisle
> A related attack might be possible. For example, > \openout=~/.ssh/authorized-keys sigh, every time I look at the archives of this list to see what's been happening I see more misinformation. As has been stated 1001 times whether or not LaTeX has access to the filesystem is not under the cont

Re: Hypothetical LaTeX security holes

2002-07-17 Thread Brian Sniffen
As we're finding out with the US DMCA, permission to distribute a modified file does not include permission to modify a file. This also appears to be missing from the LPPL draft presented here. -Brian -- Brian Sniffen [EMAIL PROTECTED]

Re: Hypothetical LaTeX security holes

2002-07-17 Thread Jeff Licquia
On Wed, 2002-07-17 at 15:34, Boris Veytsman wrote: > I think it should be spelled out better in LPPL-3. I hope Frank and > David will take note. > > The wording of the current license is this: > > --- > The distribution of changed versions of certain fi

Re: Hypothetical LaTeX security holes

2002-07-17 Thread Boris Veytsman
> From: Jeff Licquia <[EMAIL PROTECTED]> > Date: 17 Jul 2002 15:26:25 -0500 > > > Absolutely nothing in the currently used LPPL prevents you from > > creating your version of LaTeX, call it latex-improved, and invoke it > > by a command > > > > latex-improved file.foo > > Absolutely nothing in

Re: Hypothetical LaTeX security holes

2002-07-17 Thread Jeff Licquia
On Wed, 2002-07-17 at 15:01, Boris Veytsman wrote: > Absolutely nothing in the currently used LPPL prevents you from > creating your version of LaTeX, call it latex-improved, and invoke it > by a command > > latex-improved file.foo Absolutely nothing in any version of the LPPL I've seen allows it

Re: Hypothetical LaTeX security holes

2002-07-17 Thread Boris Veytsman
> Date: Wed, 17 Jul 2002 12:36:46 -0700 (PDT) > From: Mark Rafn <[EMAIL PROTECTED]> > > In order to be free, it must allow exactly what LPPL seems designed to > prevent. A Debian user can take LaTeX, make it behave differently than > the original, (including producing different output), and dist

Re: Hypothetical LaTeX security holes

2002-07-17 Thread Mark Rafn
On Wed, 17 Jul 2002, Joe Moore wrote: > According to the LPPL (as I read it), Debian does not have the right to > change latex.ltx without renaming it (latex.ltx? or the whole program?), and > the LaTeX maintainers may have little interest in fixing an "obscure bug" > that only affects a small set

Re: Hypothetical LaTeX security holes (was: forwarded message from Jeff Licquia)

2002-07-17 Thread Joe Moore
Martin Schröder <[EMAIL PROTECTED]> wrote > On 2002-07-17 00:44:21 -0400, Simon Law wrote: >> I can imagine latex.ltx containing a couple extra >> \openin15=.ssh/identity , \openin15=.gnupg/secring.gpg and >> \openout15=.shrc commands[2] as put there by someone who has cracked >> an > > This