Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Save version of TeX for use in cgi script?

0 views
Skip to first unread message

Axel Boldt

unread,
Nov 9, 2001, 10:29:17 PM11/9/01
to
Hi,

we are thinking about incorporating a way to enter TeX formulas into
our GNU encyclopedia at wikipedia.com, to be translated into png files
on the fly by a cgi script. This is similar to the way it is done in
the mathwiki code at http://www.mathcircle.org/cgi-bin/mathwiki.pl

The problem is \openout which makes executing unknown TeX scripts
unsafe. Is there a version of TeX (or a format/input file) which makes
TeX safe? What do other people do in this situation, say if they get a
TeX file of unknown origin from the web or from email?

Thanks,
Axel

Donald Arseneau

unread,
Nov 10, 2001, 1:10:02 AM11/10/01
to
ax...@uni-paderborn.de (Axel Boldt) writes:

> The problem is \openout which makes executing unknown TeX scripts
> unsafe.

The usual tetex has enhanced or reduced security!

You can disallow opening-output to anything but the current
directory. So do that, and run the TeX job in a temporary
subdirectory.

In texmf.cnf

# Don't execute user's shell code:
shell_escape = f

# Don't openout "dot" files or files with absolute paths
openout_any = p

Donald Arseneau as...@triumf.ca

John Culleton

unread,
Nov 10, 2001, 1:34:45 PM11/10/01
to
Donald Arseneau <as...@triumf.ca> wrote in message news:<yfizo5v...@triumf.ca>...

Very interesting. Where are these settings documented? I don't find
texmf.cnf, shell_escape etc. in the TeXbook or in my other documentation.

John Culleton

John Culleton

Jeffrey Goldberg

unread,
Nov 10, 2001, 11:21:13 PM11/10/01
to
On Nov 10, 2001 John Culleton <jo...@wexfordpress.com> wrote
in <e5acd666.01111...@posting.google.com>:

> Donald Arseneau <as...@triumf.ca> wrote in message news:<yfizo5v...@triumf.ca>...

> > The usual tetex has enhanced or reduced security!

> Very interesting. Where are these settings documented? I don't find


> texmf.cnf, shell_escape etc. in the TeXbook or in my other documentation.

These are not part of TeX, but part of the web2c implemenation of TeX used
on most Unix systems. So you need to look at the documentation for the
TeX implementation. If you are running web2c, you are almost certainly
running the TeTeX distribution (otherwise you would have had to learn a
lot about web2c and texmf.cnf to actually install a TeX system at all).
I which case you should look in

/path/to/texmf/doc/

And you will find that "/path/to" is probably "/usr/share"

Anyway, texmf.cnf is probably in

/path/to/texmf/web2c/texmf.cnf

It is an interesting file. To understand the search paths be sure to read

/path/to/texmf/doc/programs/kpathsea.{dvi,pdf}

But the features discussed above are simply documented by the comments
in the distributed texmf.cnf file. The default is distributed with the
shell escape disabled and the file writing in "paranoid" mode.

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Relativism is the triumph of authority over truth, convention over justice
I rarely read top-posted, over-quoted or HTML postings.

0 new messages