From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Gregory Heytings Newsgroups: gmane.emacs.devel Subject: Re: [RFC] MIME attachments for comint Date: Thu, 30 Sep 2021 08:49:22 +0000 Message-ID: <25d8d720224a671aefb1@heytings.org> References: <875yuln8rj.fsf@gmail.com> <87wnn0lm7k.fsf@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset=us-ascii Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="35991"; mail-complaints-to="usenet@ciao.gmane.io" Cc: Augusto Stoffel , monnier@iro.umontreal.ca, emacs-devel@gnu.org To: Richard Stallman Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu Sep 30 10:51:07 2021 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mVrmV-00097C-E6 for ged-emacs-devel@m.gmane-mx.org; Thu, 30 Sep 2021 10:51:07 +0200 Original-Received: from localhost ([::1]:43870 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mVrmT-0004ee-Tg for ged-emacs-devel@m.gmane-mx.org; Thu, 30 Sep 2021 04:51:05 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:53950) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mVrl6-00038R-EY for emacs-devel@gnu.org; Thu, 30 Sep 2021 04:49:40 -0400 Original-Received: from heytings.org ([95.142.160.155]:58042) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mVrkr-00063f-4Z; Thu, 30 Sep 2021 04:49:40 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heytings.org; s=20210101; t=1632991762; bh=FdA6ci7rPpH2QKpWFtxnkm/Z42p60K7e+2dq6OtoasA=; h=Date:From:To:cc:Subject:In-Reply-To:Message-ID:References:From; b=MjOIfm56YSqC0eIgsYtJzTIubjw+oouZLiVVCdOu7zjbWRH9wkihO/mNJ6j1zD+wj gr7Or0KYb+Tq4CfvfiW7U1inKBNkHKvMd7d5dYt613XhL9WlI2P1GbOLhmQC/1x9sQ 4eU5Bc1dFGbTOuFfrCpYK/iN0HYY7R87cXrZms3oRmiYsClX9DAubdtHnDppCY2lVG lX9Vrly/GB9GTPI8xQJMEETeQkFuqZIT8rNtk5lI+ljHB0Kk4/7KvsAalnVCdOefZo jeHibkbjtVeMkbdyZ3MxfPpiGJ4Njo0oFVm0jFT6Hy2Q0dQTMk4T9wrZ9qD0Km6mbI +DjpaGQ4OcWqw== In-Reply-To: Received-SPF: pass client-ip=95.142.160.155; envelope-from=gregory@heytings.org; helo=heytings.org X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:275866 Archived-At: >> But TeX markup could in principle execute arbitrary code. > > I'm surprised and worried. Can you show how that can happen? > You probably know that TeX has a \write18{} command with which it is possible to execute shell commands. The behavior of that command is (in TeX Live) controlled by the shell_escape and shell_escape_commands configuration variables in texmf.cnf. Their default values are: shell_escape = p which means that shell commands are allowed "partially", that is, that the only allowed commands are those that are listed in shell_escape_commands: shell_escape_commands = bibtex,bibtex8,extractbb,gregorio,kpsewhich,makeindex,repstopdf,r-mpost,texosquery-jre8 But this restriction is easy to circumvent: echo ls > bibtex chmod +x bibtex export PATH=.:$PATH echo '\write18{bibtex}\bye' > test.tex pdftex test.tex In practice, this is not really a problem, because it requires to either change one of the programs listed in shell_escape_commands, or to change the PATH environment variable. But it's fragile nonetheless.