Nicolas Schoonbroodt wrote:
chdir(/tmp)
system(latex -interaction=nonstopmode FILE_TEX)
system(dvips -o FILE_PS -E FILE_DVI)
system(convert FILE_PS FILE_PNG)
and finaly a I do a
system(rm -rf /tmp/GaimTeX.*) somewhere
This is still a security problem, this time from local users: A
Bill Allombert wrote:
When I spoke of security nightmare, this was exactly what I had in mind.
You will never find a blacklist of command that prevent abuse, and the
current certainly does not. For example \usepackage and \documentclass
are not blacklisted so the attacker can load add-on
Le mardi 07 juin 2005 à 05:10 +0200, Nicolas Schoonbroodt a écrit :
MMmmm these are good news :-),
If you can tell me where you find the tex2im depandancy (README,
INSTALL, ...) It can help me for remove it in the next version.
Well, I've just looked into your files.
I can now said that I've
On Mon, Jun 06, 2005 at 06:35:50PM -0400, Daniel Jacobowitz wrote:
On Mon, Jun 06, 2005 at 02:21:26PM -0700, Daniel Burrows wrote:
On Monday 06 June 2005 01:11 pm, H. S. Teoh wrote:
Make a version which generates the image on the sending side?
[...]
That would be a *very* nice
Le mardi 07 juin 2005 à 05:10 +0200, Nicolas Schoonbroodt a écrit :
So...(sorry for English)
lot of conversation about my plugin on your mailling list.
And also a bug report on sourceforge, related to your remark.
My message will be not complete (because it's 4.50 am here and that I
must be
On Tue, Jun 07, 2005 at 05:19:40PM +0200, Martin Braure de Calignon wrote:
I have blacklisted the same command than kopetetex, that is :
#define NB_BLACKLIST (42)
#define BLACKLIST
Le samedi 04 juin 2005 à 19:00 -0400, Roberto C. Sanchez a écrit :
On Sat, Jun 04, 2005 at 07:43:00PM +0200, Martin Braure de Calignon wrote:
Package: wnpp
Severity: wishlist
Owner: Martin Braure de Calignon [EMAIL PROTECTED]
* Package name: gaim-latex
Version : 0.3
* Martin Braure de Calignon [EMAIL PROTECTED] [050606 10:39]:
But I have a question. I'have quickly done first package. gaim-latex use
a tex2im script that is from another source. Do I have to make two
packages, one for tex2im and one for gaim-latex or do I have to just
include this script in
Le dimanche 05 juin 2005 à 20:42 -0700, Daniel Burrows a écrit :
On Sunday 05 June 2005 03:37 am, Bill Allombert wrote:
Sound like a potential security nightmare to me. LaTeX is a full
programming language.
Well, in principle it would be possible to just parse a subset of LaTeX [0]
and
On Mon, Jun 06, 2005 at 10:47:35AM +0200, Bernhard R. Link wrote:
* Martin Braure de Calignon [EMAIL PROTECTED] [050606 10:39]:
But I have a question. I'have quickly done first package. gaim-latex use
a tex2im script that is from another source. Do I have to make two
packages, one for
Martin Braure de Calignon wrote:
Quoting tex2im code:
(...)
latex -interaction=batchmode out.tex /dev/null
cd $homedir
dvips -o $tmpdir/out.eps -E $tmpdir/out.dvi 2 /dev/null
(...)
convert +adjoin -antialias -transparent $color1 -density $resolution
$tmpdir/out.eps
On Mon, Jun 06, 2005 at 02:14:51PM -0400, Anthony DeRobertis wrote:
Martin Braure de Calignon wrote:
Quoting tex2im code:
(...)
latex -interaction=batchmode out.tex /dev/null
cd $homedir
dvips -o $tmpdir/out.eps -E $tmpdir/out.dvi 2 /dev/null
(...)
convert +adjoin
Roberto C. Sanchez wrote:
At some point, you do need to execute something on your machine, else
you may as well unplug it and find something else to do. I understand
what you are saying, but we can't put everyone in a small padded room.
Based on your assessment, we would have cause to seek
On Mon, Jun 06, 2005 at 02:28:55PM -0400, Anthony DeRobertis wrote:
Roberto C. Sanchez wrote:
At some point, you do need to execute something on your machine, else
you may as well unplug it and find something else to do. I understand
what you are saying, but we can't put everyone in a
Le lundi 06 juin 2005 à 14:28 -0400, Anthony DeRobertis a écrit :
Roberto C. Sanchez wrote:
Ummm, I think you've missed my point. The thread is discussing a GAIM
(instant message client) plugin. So that script is not run by you, it is
run by an arbitrary stranger sending you an instant
On Mon, Jun 06, 2005 at 08:45:11PM +0200, Martin Braure de Calignon wrote:
Le lundi 06 juin 2005 à 14:28 -0400, Anthony DeRobertis a écrit :
Roberto C. Sanchez wrote:
Ummm, I think you've missed my point. The thread is discussing a GAIM
(instant message client) plugin. So that script is not
On Mon, Jun 06, 2005 at 04:00:47PM -0400, Daniel Jacobowitz wrote:
On Mon, Jun 06, 2005 at 08:45:11PM +0200, Martin Braure de Calignon wrote:
Le lundi 06 juin 2005 à 14:28 -0400, Anthony DeRobertis a écrit :
Roberto C. Sanchez wrote:
Ummm, I think you've missed my point. The thread is
On Monday 06 June 2005 01:11 pm, H. S. Teoh wrote:
Make a version which generates the image on the sending side?
[...]
That would be a *very* nice plugin. The bad thing about the current
plugin isn't only the security concern: it requires that the recipient
have the plugin installed. If
Le lundi 06 juin 2005 à 13:11 -0700, H. S. Teoh a écrit :
On Mon, Jun 06, 2005 at 04:00:47PM -0400, Daniel Jacobowitz wrote:
Make a version which generates the image on the sending side?
[...]
That would be a *very* nice plugin. The bad thing about the current
plugin isn't only the
On Mon, Jun 06, 2005 at 02:21:26PM -0700, Daniel Burrows wrote:
On Monday 06 June 2005 01:11 pm, H. S. Teoh wrote:
Make a version which generates the image on the sending side?
[...]
That would be a *very* nice plugin. The bad thing about the current
plugin isn't only the security
So...(sorry for English)
lot of conversation about my plugin on your mailling list.
And also a bug report on sourceforge, related to your remark.
My message will be not complete (because it's 4.50 am here and that I
must be at school at 8am)
First of all, you speak of tex2im depandency. This is
On Sat, Jun 04, 2005 at 08:18:59PM +0200, Florent Bayle wrote:
Le Samedi 4 Juin 2005 19:43, Martin Braure de Calignon a ?crit :
[...]
Provides the use of LaTeX code in conversation in gaim. The code is
converted in image by tex2im script (imagemagick) and the image is sent to
your
On Sunday 05 June 2005 03:37 am, Bill Allombert wrote:
Sound like a potential security nightmare to me. LaTeX is a full
programming language.
Well, in principle it would be possible to just parse a subset of LaTeX [0]
and get reasonable results. If they're calling LaTeX directly, though,
Package: wnpp
Severity: wishlist
Owner: Martin Braure de Calignon [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
* Package name: gaim-latex
Version : 0.3
Upstream Author : Nicolas Schoonbroodt
* URL : http://sourceforge.net/projects/gaim-latex
*
Le Samedi 4 Juin 2005 19:43, Martin Braure de Calignon a écrit :
[...]
Provides the use of LaTeX code in conversation in gaim. The code is
converted in image by tex2im script (imagemagick) and the image is sent to
your contact.
[...]
Just a little mistake : according to the author of
Le samedi 04 juin 2005 à 20:18 +0200, Florent Bayle a écrit :
Le Samedi 4 Juin 2005 19:43, Martin Braure de Calignon a écrit :
[...]
Provides the use of LaTeX code in conversation in gaim. The code is
converted in image by tex2im script (imagemagick) and the image is sent to
your contact.
On Sat, Jun 04, 2005 at 07:43:00PM +0200, Martin Braure de Calignon wrote:
Package: wnpp
Severity: wishlist
Owner: Martin Braure de Calignon [EMAIL PROTECTED]
* Package name: gaim-latex
Version : 0.3
Upstream Author : Nicolas Schoonbroodt
* URL :
27 matches
Mail list logo
