On Sun, May 16, 2010 at 10:23:59PM +0000, Karl Berry wrote:
> In fact last year I asked Karl to add fc-match in the list of the
> shell_escape commands in texmf.cnf, I was thinking we would use it. It
> would be good to have fc-list in the shell_escape list too. Karl, what
> do you think about it?
>
> As long as they cannot be exploited to get a shell or do nefarious
> things on the local system. Looking at the man pages, they seem safe,
> but my brain is not good at thinking about ways to abuse programs.
>
> Can you please carefully review all possible options? Manuel knows how
> much trouble we can get into :).
>
> One thing that occurs to me is that we would have to do something to
> avoid executing them from the current directory on Windows. Perhaps on
> Windows we should always execute the programs from our own bindir. But
> on Unix we could/should respect PATH.

I was thinking that using fc tools on both non-cygwin Windows and OSX
doesn't make sense, we should scan font directories directly. I also don't
like the idea of hardcoding such paths into the code, that is precisely
what $OSFONTDIR is for. So, I think texlive/mactex should set $OSFONTDIR to
some sensible value on Windows/OSX, something like:

osx: /System/Library/Fonts//;/Network/Library/Fonts//;/Library/Fonts//
windows: %WINDIR%\Fonts

(%WINDIR% is an env variable, not sure how kpse handles those on windows)

This leaves only unices, until we find a way to get rid of fc there.

-- 
Khaled Hosny
Arabic localiser and member of Arabeyes.org team
Free font developer
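
The concern raised in the quoted message (never run the allowlisted tools from the current directory on Windows, respect PATH on Unix), sketched as an added example; it is not part of the original mail and not TeX Live or kpathsea code. The function name, the `.exe` suffix rule and the choice to skip empty and relative PATH entries on Unix are assumptions.

```python
import os

# The two commands named in the thread; anything else is refused.
ALLOWED = {"fc-match", "fc-list"}


def _is_executable(path):
    return os.path.isfile(path) and os.access(path, os.X_OK)


def resolve_restricted(cmd, bindir, path_env, windows):
    """Return the absolute path to run for an allowlisted command, or None.

    cmd      -- bare command name requested by the document
    bindir   -- the distribution's own binary directory (absolute)
    path_env -- value of PATH (only consulted on Unix)
    windows  -- True to apply the Windows rule (hypothetical parameter,
                passed explicitly so both rules can be exercised anywhere)
    """
    # Exact-match allowlist: names with separators, drive letters or
    # arguments glued on can never match, so they are rejected here.
    if cmd not in ALLOWED:
        return None

    if windows:
        # Windows searches the current directory before PATH, so a file
        # shipped next to the document could shadow the real tool.
        # Only the distribution's own bindir is considered.
        candidate = os.path.join(bindir, cmd + ".exe")
        return candidate if os.path.isfile(candidate) else None

    # Unix: respect PATH, but an empty entry or a relative one such as
    # "." means "current directory", which is the case to avoid.
    for entry in path_env.split(":"):
        if not entry or not os.path.isabs(entry):
            continue
        candidate = os.path.join(entry, cmd)
        if _is_executable(candidate):
            return candidate
    return None
```

The caller should execute the returned absolute path directly, without going through a shell, so that no second lookup happens.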
