LaTeX forum ⇒ GeneralHacking with LaTeX! How to protect?

LaTeX specific issues not fitting into one of the other forums of this category.
eugene8086
Posts: 9
Joined: Thu Apr 02, 2015 3:17 pm

Hacking with LaTeX! How to protect?

Postby eugene8086 » Fri Aug 05, 2016 9:16 am

I`m creating the rendering images (with a formulas) script for the web site, which is based on texlive. I have found that there is a security vulnerability.

For example, using the commands \include \input \openin \read \openout \write a user can embed in the document that is processed on the server and open, read, write a files.

There is also a risk insert commands that cause an infinite loop, for example \loop \while.

How to anticipate all the dangers? For example, there is a form of use \@input. What other operators are dangerous? Where can I find documentation for a complete list of commands, working with files, inserting executable code into the tex document? I want to write the full black list and filter them.

(Sorry for my bad English)
Last edited by cgnieder on Tue Oct 04, 2016 6:13 pm, edited 1 time in total.
Reason: added code markup

Tags:

Return to “General”

Who is online

Users browsing this forum: No registered users and 10 guests