
[task #15694] pdflatex: why allow write18 with -shell-escape?


From: Mohammad Akhlaghi
Subject: [task #15694] pdflatex: why allow write18 with -shell-escape?
Date: Tue, 16 Jun 2020 22:44:14 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0

Update of task #15694 (project reproduce):

                Category:                    None => Analysis               
                  Status:                    None => Done                   
             Assigned to:                    None => boud                   
             Open/Closed:                    Open => Closed                 

    _______________________________________________________

Follow-up Comment #3:

Thanks a lot Boud, it is now pushed into the Maneage branch as Commit
1a4066d08622 <http://git.maneage.org/project.git/commit/?id=1a4066d08622>. 

As explained in the edited commit message, this is primarily an issue when
someone *only* runs a LaTeX command and doesn't expect it to silently call any
other command. Something like arXiv's servers for example.

But in the context of Maneage (which is actually a software, running many
silent commands on the host long before it reaches 'pdflatex'), a malicious
project-creator can embed their malicious code anywhere in the project, before
control comes to 'pdflatex'.

The user should indeed take security seriously and if they don't trust the
Maneage-derived project, they should run it in a container, or better yet, an
isolated virtual machine. In fact that is why I am now working on a
Dockerfile for "Maneaged" projects. People would be much more comfortable
running so many commands in an environment that doesn't contain their email
credentials or SSH keys for example!

Fortunately Maneage doesn't require root access, so a malicious project
creator can't permanently disable the whole system. But as mentioned above for
passwords and SSH keys, there are still many user-specific things that a
malicious project author can exploit. So generally, from the security point of
view, *as with any software* (that you shouldn't blindly trust), it is best to
run a random "Maneaged" project with proper security conditions in mind.

But anyway, the comment above 'pdflatex' is kept to let people know about the
situation generally ;-). Thanks for highlighting this important point ;-). 

I am now closing this issue, but just opened task #15696 to continue the
general security discussion there and hopefully add a good and clear warning
at the start of Maneage's configuration step.

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/task/?15694>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/



