GeneralHacking with LaTeX! How to protect?

LaTeX specific issues not fitting into one of the other forums of this category.
Post Reply
eugene8086
Posts: 9
Joined: Thu Apr 02, 2015 3:17 pm

Hacking with LaTeX! How to protect?

Post by eugene8086 »

I`m creating the rendering images (with a formulas) script for the web site, which is based on texlive. I have found that there is a security vulnerability.

For example, using the commands \include \input \openin \read \openout \write a user can embed in the document that is processed on the server and open, read, write a files.

There is also a risk insert commands that cause an infinite loop, for example \loop \while.

How to anticipate all the dangers? For example, there is a form of use \@input. What other operators are dangerous? Where can I find documentation for a complete list of commands, working with files, inserting executable code into the tex document? I want to write the full black list and filter them.

(Sorry for my bad English)
Last edited by cgnieder on Tue Oct 04, 2016 6:13 pm, edited 1 time in total.
Top

Recommended reading 2024:

LaTeXguide.org • LaTeX-Cookbook.net • TikZ.org

Learn LaTeX easily with newest books:

The LaTeX Beginner's Guide: 2nd edition and perfect for students writing a thesis

The LaTeX Cookbook: 2nd edition full of practical examples for mathematics, physics, chemistry, and more

LaTeX Graphics with TikZ: the first book about TikZ for perfect drawings in your LaTeX thesis

User avatar
Stefan Kottwitz
Site Admin
Posts: 10397
Joined: Mon Mar 10, 2008 9:44 pm

Hacking with LaTeX! How to protect?

Post by Stefan Kottwitz »

A blacklist is already good, plus disabling write18 / shell-escape.

You could use a docker container, that contains a TeX installation, with compilation done by a non-root user. With docker, at compiling time an operating system image is created, used, and destroyed afterwards. Each compilation uses a new container. That's another level of protection. That's a way cloud services work for thousands of users at the same time: each user and each LaTeX run has its own container created, used, and removed. The provider maintains a container with a Linux image and TeX live on it.

Stefan
LaTeX.org admin
Top
User avatar
nlct
Posts: 276
Joined: Thu Nov 06, 2008 11:15 am

Hacking with LaTeX! How to protect?

Post by nlct »

There are also some TeX Live security settings in texmf.cnf regarding I/O. You can use kpsewhich -a texmf.cnf to find the file. Input (\input or \openin) is governed by openin_any and output (\openout) is governed by openout_any. The most secure setting is p (paranoid)

Code: Select all

openin_any = p
openout_any = p
This disallows opening dot files, forbids going to parent directories, and only allows absolute paths that are under $TEXMFOUTPUT (for writing). This will only allow files within the current directory (or sub-directories thereof), so the user won't be able to input arbitrary files outside of it. (Class files and packages in the TEXMF tree can still be input.)

An infinite loop can also be triggered with a simple recursive definition. For example:

Code: Select all

\def\foo{\foo}\foo
The only way effective way, that I can think of, to guard against that is to have a timeout on the process that runs TeX/LaTeX.

Regards
Nicola Talbot
Top
Post Reply

Return to “General”