On 3/29/07, Hans Hagen wrote:
> Patrick Gundlach wrote:
> > Hi,
> >
> > I've just found out about \installprogram, that lets you run any
> > command from TeX, bypassing the shellescape, openout and openin
> > setting. This means that I have a serious security problem on
> > contextgarden and therefore I have disabled all TeX typesetting.
> >
> > Any advise on how to disable this?
> >
> you can patch texutil.rb
>
> def MyExtras::finalizer(logger)
> unless (ENV["CTX.TEXUTIL.EXTRAS"] =~ /^(no|off|false|0)$/io) ||
> (ENV["CTX_TEXUTIL_EXTRAS"] =~ /^(no|off|false|0)$/io) then
> @@programs.each do |p|
> cmd = @@programs[p.to_i]
> logger.report("running #{cmd}")
> system(cmd)
> end
> end
> end
>
>
> and set
>
> CTX_TEXUTIL_EXTRAS=off
>
> (in mkiv i have a more clever method, there we can register nice programs)
What about some extra safety --switch? (Otherwise we need to patch
every time a new version is installed - I can place a regular
expression to replace that part, but I guess that other people might
need that as well.)
Mojca
_______________________________________________
dev-context mailing list
[email protected]
http://www.ntg.nl/mailman/listinfo/dev-context
