Mailing List Archive

TeX, version 5
Main changes:
* MD5 is stored in binary in the database now, so MySQL has an easier life
* Everything produced by renderMath is protected from further evaluation.
The mechanism for doing that is ugly as hell (it's almost the same as the one used
by <nowiki>)
* texvc is compiled to native code by default now. It probably won't make much
difference in terms of speed, as it's latex, dvips and convert that take
most resources, but it's a free gain, so why not use it (well, we could
also consider stripping the texvc binary to make it a bit smaller, or doing some
really obscure optimizations, but texvc is really not a performance
bottleneck).

Open questions:
* How to put TeX in safe mode?
* Did you really measure that dir/a/ab/abcdef012345678.png is significantly
faster than dir/abcdef012345678.png, so that I should make math mode use this
trick too, or were you just guessing and I can ignore that?
Re: TeX, version 5
--- Tomasz Wegrzanowski <taw@users.sourceforge.net> wrote:

> Open questions:
> * How to put TeX in safe mode ?

In tetex's texmf.cnf
# Don't execute user's shell code:
shell_escape = f

# Don't openout "dot" files or files with absolute paths
openout_any = p

Many distributions use these settings by default. In addition, TeX and
the other tools should be run as some nobody user and chroot'ed.

Axel

Re: TeX, version 5
On Tue, Dec 03, 2002 at 05:14:56PM -0800, Axel Boldt wrote:
> --- Tomasz Wegrzanowski <taw@users.sourceforge.net> wrote:
>
> > Open questions:
> > * How to put TeX in safe mode ?
>
> In tetex's texmf.cnf
> # Don't execute user's shell code:
> shell_escape = f
>
> # Don't openout "dot" files or files with absolute paths
> openout_any = p
>
> Many distributions use these settings by default.

Is it enough?
Mine says:

% Allow TeX \openin, \openout, or \input on filenames starting with `.'
% (e.g., .rhosts) or outside the current tree (e.g., /etc/passwd)?
% a (any) : any file can be opened.
% r (restricted) : disallow opening "dotfiles".
% p (paranoid) : as 'r' and disallow going to parent directories, and
% restrict absolute paths to be under $TEXMFOUTPUT.
openout_any = p
openin_any = a

So it would be able to leak a lot of information if it broke the restrictions
placed by texvc.

> In addition, TeX and
> the other tools should be run as some nobody user and chroot'ed.

I'm paranoid so it sounds like a good idea to me.
What do Wikipedia admins think about that?
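
Added example (not part of any message in this thread, and not texvc or teTeX code): a small audit of a texmf.cnf against the settings discussed above, flagging the `openin_any = a` case raised in the last message. Requiring `openin_any = p`, treating `#` as a comment marker, and the sample file contents are assumptions of this example.

```python
import re

# Policy from the thread: shell_escape = f and openout_any = p.
# Requiring openin_any = p is this example's assumption (the thread only
# observes that 'a' lets TeX read files such as /etc/passwd).
POLICY = {"shell_escape": "f", "openout_any": "p", "openin_any": "p"}

# Constructed sample, modelled on the excerpt quoted in the thread.
SAMPLE = """\
% constructed comment line
shell_escape = f
openout_any = p
openin_any = a
shell_escape.latex = t   % constructed per-program override
"""

def parse_texmf_cnf(text):
    """Return {variable: value}. kpathsea lets earlier definitions
    override later ones, so the first definition of a name is kept."""
    settings = {}
    for raw in text.splitlines():
        # Drop comments: '%' (or '#', an assumption) at line start or after whitespace.
        line = re.split(r"(?:^|\s)[%#]", raw, maxsplit=1)[0].strip()
        if "=" not in line:
            continue
        name, _, value = line.partition("=")
        settings.setdefault(name.strip(), value.strip())
    return settings

def audit(text):
    """Return (variable, found, wanted) for every deviation from POLICY.
    'variable.progname' overrides are checked against the base variable;
    found is None when the file does not set the variable at all."""
    settings = parse_texmf_cnf(text)
    findings = []
    for name, found in settings.items():
        base = name.split(".", 1)[0]
        if base in POLICY and found != POLICY[base]:
            findings.append((name, found, POLICY[base]))
    findings += [(n, None, w) for n, w in POLICY.items() if n not in settings]
    return findings

if __name__ == "__main__":
    for name, found, wanted in audit(SAMPLE):
        print(f"{name}: found {found!r}, policy wants {wanted!r}")
```

A variable reported with `None` is not set in the file being audited, so its effective value comes from another texmf.cnf on the search path or from the compiled-in default and should be checked there.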