[texhax] security and LaTeX -related files

Robin Fairbairns Robin.Fairbairns at cl.cam.ac.uk
Mon Dec 13 10:20:31 CET 2004


> Pardon a simple-minded question:

not enough people bother to think these things through.  which is why
virus/trojan/worm writing is such easy work :-(

> can plain text files, DVI files, PS files, PDF files, or any of the 
> other files often encountered when writing with LaTeX, carry viruses or 
> other malicious code?

the reason for restrictions in file access within tex are that _tex_
can in principle be made to write to any file.

the reason for restrictions on the use of the write18 facility are
obvious.

a postscript file talks to a programmable interpreter: any such file
can therefore perform a denial-of-service attack, at the least.  if
the interpreter is ghostscript (or similar), there is in principle the
possibility of more serious destruction: which is why there are
security controls within ghostscript.

i'm not really au fait with widnoze implementations (and i've never
used a mac); there may be other issues that those versions of tex have
to deal with.

... and these are just my selection the ones people have thought of so
far.  there may be others i don't know about.



More information about the texhax mailing list