Re: latex2html: Problem with compressed files

Fri, 4 Sep 1998 07:30:01 -0400 

At 5:05 PM +1000 4/9/98, Uli Wortmann wrote:
>>>>>> "Michel" == Michel Goossens <[EMAIL PROTECTED]> writes:

>b) with older versions of dvips (like Grahams). If you redefine in
>dvips.def the lines
>
>    \@namedef{Gin@[email protected]}#1{{eps}{.eps.bb}{`gunzip -c #1}}
>    \@namedef{Gin@[email protected]}#1{{eps}{.ps.bb}{`gunzip -c #1}}
>    \@namedef{Gin@[email protected]}#1{{eps}{.ps.bb}{`gunzip -c #1}}
>    \@namedef{Gin@[email protected]}#1{{eps}{.eps.bb}{`gunzip -c #1}}
>
>    to:
>
>    \@namedef{Gin@[email protected]}#1{{eps}{.eps.bb}{#1}}
>    \@namedef{Gin@[email protected]}#1{{eps}{.ps.bb}{#1}}
>    \@namedef{Gin@[email protected]}#1{{eps}{.ps.bb}{#1}}
>    \@namedef{Gin@[email protected]}#1{{eps}{.eps.bb}{#1}}

It is a little worrying that  dvips  can call upon other programs to run in
this fashion.
I remember fragments of a conversation with Kris Rose, concerning this.
Surely it means that virus-like code can live inside .dvi files, to be released
when  dvips  is called upon to process that file.

There has to be a mechanism to prevent this.
Isn't there a switch, at least at compile-time, that disables the ability
of  dvips
to handle these graphics commands ?
If so, then it isn't just a matter of which version of  dvips  but also
whether it was
compiled with this feature enabled (useful but dangerous)
or disabled (not so useful, but safe).


>
>dvips will to search for the file and uncompress after
>searching -- instead of having gunzip to find the file.


With this later version, what is allowable as the #1  ?
Perhaps this version has general program calls disabled,
but does allow specific calls to known graphics utilities.


>Unfortunatly, this only works with newer versions of dvips.

Perhaps it has recently been recognised how dangerous are the earlier
versions ?


I'd like to know the full details of this issue, before building explicit
support into LaTeX2HTML.


Cheers,

        Ross Moore



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ross Moore                             email: [EMAIL PROTECTED]
Mathematics Department                 phone:      +612 9850 8955
Macquarie University                     fax:      +612 9850 8114
Sydney, NSW 2109                      office:             E7A-419
Australia              WWW: http://www-math.mpce.mq.edu.au/~ross/

                ***************************

for the best in (La)TeX-nical typesetting and Web page production
join the  TeX Users Group (TUG) --- browse at  http://www.tug.org

                 <[EMAIL PROTECTED]>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reply via email to