On Thu, 25 Sep 2008, Helge Hafting wrote:

  why is this so, what a pity that would be ideal for collaboration.

Because running latex on unrestricted input in practice lets you do anything you can do with a program. Want to plant a virus program? Embed the virus in latex code as a string of bytes, then add some trivial latex code to (1) write the virus to a disk file, and (2) execute that file somehow. Or maybe executing it isn't even necessary if it gets published on the wiki where unsuspecting people will stumble across it.

There are ways around this, such as:

* Set up the latex parsing very carefully, perhaps using a chroot
  where only the necessary latex files are available, and all read-only.
  <snip>

Even with such a setup, or running the entire conversion in a separate virtual machine that's reset each time, there would still be a risk involved in letting _arbitrary_ users execute _arbitrary_ LaTeX software on it. How do you know they aren't skilled enough to write a program that escalates their privileges, and finally manages to break out of the VM?

  Well, they can still cause network traffic, such as running
  DOS/cracking attacks against other hosts within the time limit. Maybe
  there is a way of removing network access too. :-/

That should at least be doable using a VM. There's no reason it must have external network access.

/Christian

--
Christian Ridderström, +46-8-768 39 44            http://www.md.kth.se/~chr
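The following is an added example, not code from this thread or from LyX, MediaWiki or any other project mentioned in it. It sketches the defensive side of what Helge and Christian discuss: a wrapper that runs pdflatex on untrusted input with shell escape disabled, file reads and writes confined to a scratch directory, and CPU and output limits, plus a cheap pre-check that rejects sources mentioning the TeX primitives used to run programs or open arbitrary files. It assumes pdflatex and coreutils `timeout` are installed, and the numeric limits are illustrative. `openin_any`, `openout_any` and `TEXMFVAR` are real kpathsea (texmf.cnf) settings that can be overridden from the environment; the pre-check is only a first filter, since catcode tricks can disguise these names, so the flags in `run_latex` do the actual enforcement.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): run pdflatex on untrusted
# input with shell escape off, file access confined to a scratch directory,
# and resource limits. Network isolation (Christian's point) is left to the
# VM or namespace the wrapper itself runs in.

# 1. Pre-check: refuse sources that name the primitives TeX uses to execute
#    programs (\write18) or to open files outside the job (\openout, \openin,
#    absolute or parent-directory \input/\include). Returns 0 if the file
#    looks clean, 1 if a flagged primitive is present. Only a first filter:
#    the real enforcement is -no-shell-escape and openin_any/openout_any below.
precheck_tex() {
  if grep -Eq '\\write18|\\openout|\\openin|\\(input|include)[{](/|\.\.)' "$1"; then
    return 1
  fi
  return 0
}

# 2. Hardened run inside a fresh scratch directory.
#    -no-shell-escape      disables \write18 entirely.
#    openin_any=p / openout_any=p ("paranoid") restrict \openin/\openout to
#                          paths under the current directory, no dotfiles,
#                          no absolute paths, no "..".
#    TEXMFVAR/TEXMFCONFIG  keep format/font caches inside the scratch dir
#                          instead of the user's home directory.
#    ulimit/timeout        bound CPU time, output size and wall-clock time
#                          (values are assumed limits for illustration).
#    Prints the scratch directory (job.pdf / job.log live there) and returns
#    pdflatex's exit status, or 127 if pdflatex is not installed.
run_latex() {
  src=$1
  command -v pdflatex >/dev/null 2>&1 || return 127
  work=$(mktemp -d) || return 1
  cp "$src" "$work/job.tex" || return 1
  (
    cd "$work" || exit 1
    ulimit -t 30                     # 30 s of CPU time
    ulimit -f 20000                  # output size cap; block size is 512 or 1024 bytes depending on the shell
    ulimit -v 1048576 2>/dev/null || true   # ~1 GiB address space where supported
    openin_any=p openout_any=p TEXMFVAR="$work/var" TEXMFCONFIG="$work/cfg" \
      timeout 60 pdflatex -no-shell-escape -interaction=batchmode -halt-on-error job.tex
  )
  status=$?
  echo "$work"
  return $status
}

# Usage: sh safe_latex.sh untrusted.tex  (no-op when invoked without arguments)
if [ "$#" -gt 0 ]; then
  if precheck_tex "$1"; then
    run_latex "$1"
  else
    echo "rejected: source uses shell-escape or file-access primitives" >&2
    exit 2
  fi
fi
```

Even with these flags, pdflatex remains a large program parsing hostile input, which is exactly why the thread still wants the chroot or throwaway VM around it; the wrapper reduces what a document can do by design, the sandbox limits what a bug in the TeX engine can do. For the "no network" part, running the wrapper under a separate network namespace (for example `unshare -n` where available) or in a VM without an external interface, as Christian suggests, keeps a runaway job from reaching other hosts.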
