[tex-live] TeXLive Online Service?
Frank Küster
frank at kuesterei.ch
Thu Jan 31 23:00:13 CET 2008
Patrice Dumas <pertusus at free.fr> wrote:
> On Thu, Jan 31, 2008 at 08:53:10AM +0100, Werner LEMBERG wrote:
>>
>> Folks,
>>
>>
>> does someone offers a `TeXLive Online Service'?
>>
>> I don't know whether this is the right name, but the idea is that you
>> submit a .tex file, and you receive a .pdf file, and TeXLive is used
>> for processing.
>>
>> Is such a service available at all, with or without TeXLive? A quick
>> search with google doesn't bring up anything.
>
> I would personally be very worried about security implications of this
> setup.
I'd be worried, too. There are many details in a standard TeX setup, as
well as deep in the bowels of our code, which were never designed for
such a situation.
> Isn't it possible to run any command when processing a document?
It's probably possible to exclude this possibility quite well, as Zdenek
pointed out. But the first attack which I would try would be to fill up
the /var partition by generating lots of useless fonts. Next, after some
reading, I'd try to generate a file outside the /var/cache hierarchy by
finding some loophole in kpathsea which no one ever cared to check for...
Regards, Frank
--
Frank Küster
Debian Developer (teTeX/TeXLive)
More information about the tex-live
mailing list