Ken Sharp <[email protected]> writes: > At 18:16 04/11/2017 +0100, David Kastrup wrote: > >>It's rendering individual PostScript files in an order determined by >>the current position in a viewer (in this case an Emacs file), and the >>individual files are externally provided, so they may contain >>malicious code. > > Provided they are in the current directory,
I am not sure that can be arranged. > as far as I'm aware you don't need to break SAFER for them, because > the Current worming directory is permitted. I can't recall if that > requires -P- or not, it may do. I am pretty sure that it didn't work by default. >>Pretty much the principal reason for the existence of DELAYSAFER. > > DELAYSAFER is there to permit operations to be concluded that won't > work if you have SAFER. This is, however, a massive security hole, > there are nay number of implementations and 'recipes' out there which > use SAFER and DELAYSAFER and never call .setsafe. Not preview-latex. It isn't a "security hole" unless you make it one. > Also WRITESYSTEMDICT and other things. > > In any event, DELAYSAFER hasn't changed. It's pretty pointless unless one can use .runandhide to temporarily be safe. >>This uses Ghostscript interactively via pipes (or a tty, I forget >>which): if there was a mode "be unsafe on the Ghostscript interpreter >>command line and safe within files read from there", that would work. > > No way that Ghostscript can tell the difference, at the interpreter > level, it all just comes in as streamed data. Well, then it is .runandhide . >>How are safe PostScript viewers to be implemented now? > > Well, you can use SAFER, you can even use DELAYSAFER, that has not > changed. What I'm questioning is the use of .runandhide. I repeat: the order of the files to be rendered is not known when Ghostscript is started: that depends on where the viewer is paging when Ghostscript has free capacities. This "render stuff currently on screen first" thing is pretty important for maintaining good interactivity. .runandhide is used for rendering one file safely, then get Ghostscript back into a state where it is possible to tell it via pipe to its command line what to do next. -- David Kastrup _______________________________________________ bug-auctex mailing list [email protected] https://lists.gnu.org/mailman/listinfo/bug-auctex
