On Fri, Jun 01, 2001 at 10:41:58AM -0700, Tomas G. Rokicki wrote:
> Thanks for the email on dvips security!
>
> Can you explain why secure mode should be on by default?
> In other words, how might I run TeX and/or dvips over
> untrusted code? Provide me with a convincing attack
> scenario. A ti
Thanks for the email on dvips security!
Can you explain why secure mode should be on by default?
In other words, how might I run TeX and/or dvips over
untrusted code? Provide me with a convincing attack
scenario. A time bomb in some macro source somewhere that
gets included into a distribution?
Yeah, but people don't distribute .dvi files, do they?
-tom
"Tomas G. Rokicki" <[EMAIL PROTECTED]> writes:
> Yeah, but people don't distribute .dvi files, do they?
Sure they do. There are DVI docs distributed with many binary
distributions of tetex, the Emacs manual is being distributed to
proofreaders in DVI, and there are a bunch in various places on
Alan Shutko writes:
> > Yeah, but people don't distribute .dvi files, do they?
>
> Sure they do. There are DVI docs distributed with many binary
> distributions of tetex, the Emacs manual is being distributed to
> proofreaders in DVI, and there are a bunch in various places on the
> web.
Hi
On Fri, 1 Jun 2001, Tomas G. Rokicki wrote:
> Thanks for the email on dvips security!
>
> Can you explain why secure mode should be on by default?
> In other words, how might I run TeX and/or dvips over
> untrusted code?Provide me with a convincing attack
> scenario.A time bomb in some macro
On Fri, 1 Jun 2001, Sebastian Rahtz wrote:
> Alan Shutko writes:
> > > Yeah, but people don't distribute .dvi files, do they?
> >
> > Sure they do. There are DVI docs distributed with many binary
> > distributions of tetex, the Emacs manual is being distributed to
> > proofreaders in DVI, a
Robin Fairbairns writes:
> but that same attack could in principle propagate to dvips -- someone
> only has to include a special saying `rm -rf ~/* and ... pow!
>
> i agree that off-by-default is what should appear in the
> distributions.
I am bemused to see that you cannot do the equivalen
> Yeah, but people don't distribute .dvi files, do they?
some eccentrics do (indeed some claim it's the "one true way" ;-), but
the real problem comes from the tex sources, as i've said.
> Thanks for the email on dvips security!
>
> Can you explain why secure mode should be on by default?
> In other words, how might I run TeX and/or dvips over
> untrusted code? Provide me with a convincing attack
> scenario. A time bomb in some macro source somewhere that
> gets included into a
Sebastian Rahtz writes:
> I am bemused to see that you cannot do the equivalent of -R in the
> dvips config file. If this really is so, I propose to add it to the
> dvips sources now, and set it in the config file (for TeXLive, at
> least)
I am going to allocate "z" to this function in the co
From: "Sebastian Rahtz" <[EMAIL PROTECTED]>
Subject: Re: [tex-k] secure mode of dvips should be default
Date: Sat, 2 Jun 2001 15:12:11 +0100
Message-ID: <[EMAIL PROTECTED]>
> Sebastian Rahtz writes:
> > I am bemused to see that you cannot do the equivalent of -
Akira Kakuto writes:
> > I am going to allocate "z" to this function in the config file. I hope
> > thats agreeable to everyone? there are not many letters left
>
> In this case please modify the -R option to overwrite
> the default by -R0 .
Um. You want the user to be able to insist on
"Sebastian Rahtz" <[EMAIL PROTECTED]> tastet:
> I just need to compile it all and test... (I am doing this because I
> am also integrating the latest T1-aware xdvik into TeXLive. Does the
...
Do you have a release schedule for TeXLive? Thomas Esser came up with
some comments about incompatible .
[EMAIL PROTECTED] writes:
> Do you have a release schedule for TeXLive? Thomas Esser came up with
> some comments about incompatible .enc files and such that we're adressing.
TeXLive 6 is already on CTAN, and is stable. Whether any user groups
will make a large-scale pressing imminently, I do
> From: "Sebastian Rahtz" <[EMAIL PROTECTED]>
> Date: Sat, 2 Jun 2001 18:41:20 +0100
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: Re: [tex-k] secure mode of dvips should be default
[snip]
> has anyone tried the new "mdvi&qu
I have updated the texk sources in TeXLive so that dvips can be made
secure against shell escapes by using the "z0" directive in config.ps
(which is now the default in TeXLive). It can be overridden on the
command-line with -R1. Confusing letters, but the history of dvips
does not allow much else
Sebastian Rahtz writes:
> for those who want to compare sources, see
> http://www.tug.org/texlive/tlprod/Build/source/
fwiw, this source set should also compile under MacOSX (includes some
patches from Sherlock Holmes[1]). though why anyone wants to use this
horrible system, I have no idea!
S
On Sat, Jun 02, 2001 at 11:27:05PM +0100, Sebastian Rahtz wrote:
> I have updated the texk sources in TeXLive so that dvips can be made
> secure against shell escapes by using the "z0" directive in config.ps
> (which is now the default in TeXLive). It can be overridden on the
> command-line with -
> "Julian" == Julian Gilbey <[EMAIL PROTECTED]> writes:
> What would be really nice would be three levels of security:
> -R0 no external commands executed
> -R1 only trusted commands executed, such as gs (it shouldn't be
> two hard for the wizards to come up with such a list
> Date: Sat, 2 Jun 2001 23:15:59 +0100
> From: Julian Gilbey <[EMAIL PROTECTED]>
> To: Sebastian Rahtz <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED], [EMAIL PROTECTED],
> [EMAIL PROTECTED]
> Subject: Re: [tex-k] secure mode of dvips should be default
[sni
From: "Sebastian Rahtz" <[EMAIL PROTECTED]>
Subject: Re: [tex-k] secure mode of dvips should be default
> TeXLive also now includes janl's xdvik with t1lib included, hurrah!
> seems to work nicely.
>
> for those who want to compare sources, see
> http://www
Thanks, everyone, for taking such quick action on this.
-tom
> Xdvi implements such a trusted list, sort of. If xdvi encounters a
> PostScript file whose name ends in .Z or .gz or .bz2, and if the first
> 2-3 bytes of the file are the correct magic bytes for the file type,
> then xdvi will automatically pass the file through uncompress or gunzip
> or bunzi
Julian Gilbey writes:
> What would be really nice would be three levels of security:
>
> -R0 no external commands executed
>
> -R1 only trusted commands executed, such as gs (it shouldn't be two
> hard for the wizards to come up with such a list of commonly used
> commands, an
Reinhard Kotucha writes:
> Probably it would be best if this could be configured in texmf.cnf
> rather than in all the config. files. There are two variables
> concerning security. AFAIK, they are used by TeX only.
>
> It might be more difficult to implement, but I think that such a
> var
Thomas Esser writes:
> > Xdvi implements such a trusted list, sort of. If xdvi encounters a
> > PostScript file whose name ends in .Z or .gz or .bz2, and if the first
> > 2-3 bytes of the file are the correct magic bytes for the file type,
> > then xdvi will automatically pass the file throug
Sebastian Rahtz wrote:
> > Sebastian, it would be worth some thoughts whether the change you have
> > made should really go into TeXLive6. TeXLive is a CDROM distribution
> > and is used by many people who do not have internet access. They
> > cannot simply ask someone if something doesn't
Sebastian Rahtz wrote:
> > Sebastian, it would be worth some thoughts whether the change you have
> > made should really go into TeXLive6. TeXLive is a CDROM distribution
> > and is used by many people who do not have internet access. They
> > cannot simply ask someone if something doesn't
On Sun, Jun 03, 2001 at 01:19:54PM +0100, Sebastian Rahtz wrote:
> anyway, I have removed the `gunzip from dvips.def, so unless people
> make up their own extras, they will not realize that anything has changed.
> as of now, including a .ps.gz file works as expected, without the
> general securit
> "Nicolai" == janl <[EMAIL PROTECTED]> writes:
> [...] How about bz2?
If you want to integrate a library, I'd say that it isn't worth the
effort. bzip2 is extraordinary slow, needs a huge amount of
memory and the files are not so much smaller than those compressed
with gzip. bzip2 is
"Sebastian Rahtz" <[EMAIL PROTECTED]> tastet:
> I don't think its needed. the only sensible daily use for the commands
> is decompression, better done by linking in the right libraries. The
> concept of "trusted commands" is too woolly (in my opinion)
Bah. The key here is that the trusted comman
[EMAIL PROTECTED] tastet:
> Do you have a release schedule for TeXLive? Thomas Esser came up with
> some comments about incompatible .enc files and such that we're adressing.
A patch for t1lib has been submitted to the maintainer and has been
comitted to the xdvik cvs. The next release of xdvik
Giuseppe Ghibo' writes:
> > hmm. perhaps you are right. But my inclination is always with TeXLive to
> > go down the "Debian" route of ultra orthodoxy. What do others think?
>
> what do you mean?
I mean that I adopt the most conservative approach to licensing and
securty
> IMHO having compr
[EMAIL PROTECTED] writes:
> would work. It would very much fit the old Unix philosophy of small
> tools working together.
It was/is a good philosophy, but it assumed that people were nice. As
with so many other things, the minority of nasty people in the world
spoil it for everyone else.
Se
[EMAIL PROTECTED] writes:
> A patch for t1lib has been submitted to the maintainer and has been
> comitted to the xdvik cvs. The next release of xdvik will read postscript
> .enc files such as dvips use (and search for the in the ps headers
> directories)
good! I'll just track your work, and
Sebastian Rahtz wrote:
> > IMHO having compressed .ps.gz images to include is not of much importance
> > because it is obsolete.
> true. but some people still enjoy doing it
they can use old versions like MSDOS users with 8+3 chars... ;-)
> > so if you plan to add some support for file forma
Giuseppe Ghibo' writes:
> well, that's should happen in a phase with converging of used libraries
> between previewers, dvips, etc.; we are still having xdvi, xdvik, dvips,
> dvipsk, dvips+CJK etc...
what is dvips+CJK?
by the way, I dont think anyone is proposing to work on dvips, so dont
hol
Sebastian Rahtz wrote:
>
> Giuseppe Ghibo' writes:
> > > hmm. perhaps you are right. But my inclination is always with TeXLive to
> > > go down the "Debian" route of ultra orthodoxy. What do others think?
> >
> > what do you mean?
> I mean that I adopt the most conservative approach to licen
> > I mean that I adopt the most conservative approach to licensing and
> > securty
>
> You mean license, intented as license of use of program and libraries, such
> as GPL, LPL, etc.?
yes
> - pdftex (free, but doesn't support custom specials and custom EPS)
no, but it does support a lot
Sebastian Rahtz <[EMAIL PROTECTED]> writes:
> > - ghostscript 5.50 GPL, but doesn't work with embedded Type 1
> > - fonts.
> really? I thought it did. are you *sure*?
It wouldn't embed T1 fonts until 6.0, iirc. It would convert them to
type 3.
> I hope it comes soon!
They're working on it..
Tzafrir Cohen wrote:
>
> [RMS would have said here: this is "open source", not "free source" ;)]
you are right.
>
> APFL doesn't forbid commercial _usage_ . Only commercial distibution.
Well, commercial distribution means that if you include it on a CD which
although it is free because for i
Sebastian Rahtz wrote:
>
> > > I mean that I adopt the most conservative approach to licensing and
> > > securty
> >
> > You mean license, intented as license of use of program and libraries, such
> > as GPL, LPL, etc.?
>
> yes
>
> > - pdftex (free, but doesn't support custom specials and
Giuseppe Ghibo' writes:
> > there is a recently-announced "textrace" program which goes some of
> > the way
>
> URL?
ur, um, I have lost it! did anyone else record it?
> > the former is easy - since Distiller is expensive and not for Linux,
>
> distiller is available for Linux, put onl
Sebastian Rahtz <[EMAIL PROTECTED]> tastet:
> [EMAIL PROTECTED] writes:
> > would work. It would very much fit the old Unix philosophy of small
> > tools working together.
>
> It was/is a good philosophy, but it assumed that people were nice. As
> with so many other things, the minority of n
janl <[EMAIL PROTECTED]> writes:
> The demans on our alertness with regard to what data we pass
> around to libraries is no less when we use a library than an external
> executable. Has the library been audited, was it written assuming
> that the caller does all the needed sanity checks? What
> Giuseppe Ghibo' writes:
> > > there is a recently-announced "textrace" program which goes some of
> > URL?
> ur, um, I have lost it! did anyone else record it?
http://freshmeat.net/projects/textrace/
Thomas
Thomas Esser wrote:
>
> > Giuseppe Ghibo' writes:
> > > > there is a recently-announced "textrace" program which goes some of
> > > URL?
> > ur, um, I have lost it! did anyone else record it?
>
> http://freshmeat.net/projects/textrace/
Thanks a lot. Hmmm, it seems bitmap vector tracing, w
Giuseppe Ghibo' wrote:
>
> Thomas Esser wrote:
>
> >
> > > Giuseppe Ghibo' writes:
> > > > > there is a recently-announced "textrace" program which goes some of
> > > > URL?
> > > ur, um, I have lost it! did anyone else record it?
> >
> > http://freshmeat.net/projects/textrace/
>
> Thanks a
> URL? Currently with t1utils (http://www.lcdf.org/~eddietwo/type/) it
> could be a great solution, but the "trace" in the name suggests me
> that it tries to "trace" bitmapped (maybe at high resolution), while
> MetaFOG was operating at "vector" level.
Recently, there was some discussion on comp
> what is dvips+CJK?
I want to know that also...
> by the way, I dont think anyone is proposing to work on dvips, so
> dont hold your breath
For CJK scripts, CID and CFF support is urgently needed.
Werner
Werner LEMBERG wrote:
>
> > what is dvips+CJK?
>
> I want to know that also...
Chinese Japanese extensions
Bye.
Giuseppe.
On 2001-06-04 14:38:54 +0200, Giuseppe Ghibo' wrote:
> That's remind me the things about PDF. Currently there are several
> way of producing PDF from DVI or PS
>
> - pdftex (free, but doesn't support custom specials and custom EPS)
> - dvipdfm (free, doesn't support inline specials; but works wit
On 2001-06-04 17:43:08 +0200, Giuseppe Ghibo' wrote:
> distiller is available for Linux, put only the SERVER version,
> which costs even more, 2-3000$ if I remember right.
5000 US$ for 100 seats.
Best regards
Martin
--
http://www.tm.oneiros.de/calendar/2001/
> > could be a great solution, but the "trace" in the name suggests me
> > that it tries to "trace" bitmapped (maybe at high resolution), while
> > MetaFOG was operating at "vector" level.
>
> Recently, there was some discussion on comp.text.tex on this topic
> with Richard Kinch. He said that i
Thomas Esser wrote:
>
> > > could be a great solution, but the "trace" in the name suggests me
> > > that it tries to "trace" bitmapped (maybe at high resolution), while
> > > MetaFOG was operating at "vector" level.
> >
> > Recently, there was some discussion on comp.text.tex on this topic
> >
> Date: Sun, 3 Jun 2001 10:12:20 +0200 (MET DST)
> From: Thomas Esser <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED], [EMAIL PROTECTED],
> [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED], [EMAIL PROTECTED],
> [EMAIL PROTECTED]
> Subject: Re: [tex-k] secure mode
> For screen PDF of course. For multipurpose (i.e. either for screen
> and for printer, i.e. as a whole replacement of PK) like to BlueSky
> ones I don't think so. Look for instance at a "magnified" o in CMR
> (see the attach) from differ.pdf.
I'll ask the author of TeXtrace whether this artefa
> > Recently, there was some discussion on comp.text.tex on this topic
> > with Richard Kinch. He said that if he had to start again, he would
> > take the autotracing route.
>
> IIRC, he thought of a resolution much higher than what textrace uses.
> Still, I think this automatic conversion is
Am Dienstag, 5. Juni 2001 09:19 schrieb Giuseppe Ghibo':
> Giuseppe Ghibo' wrote:
> > Thanks a lot. Hmmm, it seems bitmap vector tracing, which could
> > have problems of precisions. If I remember right, METAPOST can
> > extract outlines in type3 too, so the problem would be to
> > convert type3
Sebastian Rahtz <[EMAIL PROTECTED]> writes:
> I just need to compile it all and test... (I am doing this because I
> am also integrating the latest T1-aware xdvik into TeXLive. Does the
> same problem occur in xdvi?)
You mean, with shell escapes being enabled by default?
This is not the case wit
Uwe Koloska wrote:
> Sorry, but you are wrong! Type3 fonts can be vector outlines and/or
> bitmaps. In opposite to Type1 fonts that cannot not have some postscript
> commands, glyphs for Type3 fonts can contain full postscript programs. For
> example with a Type3 font you can create colorful p
62 matches
Mail list logo
