Ralf Angeli <[email protected]> writes: > On 2017-10-22 19:55, David Kastrup wrote: > >> More of a problem of how Ghostscript works. It has a safer mode, and >> for interactive mode, it must be possible to enter and exit it in >> some manner. Ghostscript changes the details every few releases. I >> think that the last few changes had been tracked and fixed by Ralf. > > That might be, but I doubt my fixes had much to do with the internals > of Ghostscript. So I'm sorry to say that I won't be of much help > here.
I committed a fix to master. It turned out after quite a bit of back and forth that the details I remembered were stale: preview-latex had already previously been engineered to not requiring coming back from SAFER mode once entered. So .runandhide was no longer used in a security-relevant manner and could be replaced by code that did the hiding "in plain sight", namely a variable. That's ugly but not an exploit as it would have been in the case I remembered: as opposed to how it was in olden times, the hidden expression cannot be used for jail breaking. So it turns out I engaged my less than convincing shark teethed charm more than called for (for the purposes of AUCTeX at least) this time. -- David Kastrup _______________________________________________ auctex mailing list [email protected] https://lists.gnu.org/mailman/listinfo/auctex
