Patrick Gundlach wrote:
Hi,
I've just found out about \installprogram, that lets you run any command from TeX, bypassing the shellescape, openout and openin setting. This means that I have a serious security problem on contextgarden and therefore I have disabled all TeX typesetting.
Any advise on how to disable this?
you can patch texutil.rb def MyExtras::finalizer(logger) unless (ENV["CTX.TEXUTIL.EXTRAS"] =~ /^(no|off|false|0)$/io) || (ENV["CTX_TEXUTIL_EXTRAS"] =~ /^(no|off|false|0)$/io) then @@programs.each do |p| cmd = @@programs[p.to_i] logger.report("running #{cmd}") system(cmd) end end end and set CTX_TEXUTIL_EXTRAS=off (in mkiv i have a more clever method, there we can register nice programs)
Patrick
-- ----------------------------------------------------------------- Hans Hagen | PRAGMA ADE Ridderstraat 27 | 8061 GH Hasselt | The Netherlands tel: 038 477 53 69 | fax: 038 477 53 74 | www.pragma-ade.com | www.pragma-pod.nl -----------------------------------------------------------------