[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Texmacs-dev] Re: a voir

From: Ralf Treinen
Subject: Re: [Texmacs-dev] Re: a voir
Date: Fri, 31 May 2002 19:55:44 +0200
User-agent: Mutt/1.3.28i

Désolé pour répondre en anglais mais ça va plus vite ...

There is, or at least there used to be (I didn't follow the latest
developments), a big problem with advi: Advi can execute any
arbitrary code (by passing it to a shell) which is embedded in
the code. An advi document can for instance start an xclock
application, an mpeg player, a texmacs session, or anything else.
At the time when advi was to be included into debian it was the
default behaviour of advi to allow execution of any embedded code.
The user had to supply a special option to switch this behaviour off.

I guess I don't have to tell you why this is a security problem.
For debian, the default behaviour was inversed, such that the user
has to explicitely switch on the execution of embedded code. 

It is unclear to me how this feature can be used in a secure way. Please
keep this problem in mind when adding animation features to texmacs.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]