Giuseppe Ghibò <[EMAIL PROTECTED]> writes: > Furthermore in output pipe we could have different level of > security, so to have both tex users as well as unix sysadmin happy > (the latter mainly because dvips is for instance used in some > printer filter which could run with root privileges): > > 1) allow pipe output to any command > > 2) allow pipe output but only to a fixed set of commands (fixed in > the sources and not modifiable in further config files: e.g. only > /usr/bin/lp [in case of running cups or SysV] and /usr/bin/lpr).
Too contrived, IMO. > > 3) don't allow any output to a pipe, but only to files What's the use of that distinction? If I can write any file I have access to, I don't need no fscking pipe to do my harm in the first place. > 4) don't allow any output to a pipe Or one considers certain options security relevant and won't accept them from a file in a TeX-writable place (. or below or so). -- David Kastrup, Kriemhildstr. 15, 44793 Bochum