TeX on contextgarden disabled - \installprogram security
Hi,

I've just found out about \installprogram, which lets you run any command from TeX, bypassing the shellescape, openout and openin settings. This means that I have a serious security problem on contextgarden and therefore I have disabled all TeX typesetting.

Any advice on how to disable this?

Patrick
--
ConTeXt wiki and more: http://contextgarden.net
Patrick Gundlach wrote:
Hi,
I've just found out about \installprogram, which lets you run any command from TeX, bypassing the shellescape, openout and openin settings. This means that I have a serious security problem on contextgarden and therefore I have disabled all TeX typesetting.
Any advice on how to disable this?
you can patch texutil.rb

    def MyExtras::finalizer(logger)
      # kill switch: when the variable is set to no/off/false/0 (any case),
      # none of the queued programs is run; unset leaves behaviour unchanged
      unless (ENV["CTX.TEXUTIL.EXTRAS"] =~ /^(no|off|false|0)$/io) || (ENV["CTX_TEXUTIL_EXTRAS"] =~ /^(no|off|false|0)$/io) then
        @@programs.each do |p|
          cmd = @@programs[p.to_i]
          logger.report("running #{cmd}")
          system(cmd)   # the command string is handed to the shell as-is
        end
      end
    end

and set

    CTX_TEXUTIL_EXTRAS=off

(in mkiv i have a more clever method, there we can register nice programs)
Patrick
--
-----------------------------------------------------------------
Hans Hagen | PRAGMA ADE
Ridderstraat 27 | 8061 GH Hasselt | The Netherlands
tel: 038 477 53 69 | fax: 038 477 53 74 | www.pragma-ade.com | www.pragma-pod.nl
-----------------------------------------------------------------
On 3/29/07, Hans Hagen wrote:
Patrick Gundlach wrote:
Hi,
I've just found out about \installprogram, which lets you run any command from TeX, bypassing the shellescape, openout and openin settings. This means that I have a serious security problem on contextgarden and therefore I have disabled all TeX typesetting.
Any advice on how to disable this?
you can patch texutil.rb
    def MyExtras::finalizer(logger)
      unless (ENV["CTX.TEXUTIL.EXTRAS"] =~ /^(no|off|false|0)$/io) || (ENV["CTX_TEXUTIL_EXTRAS"] =~ /^(no|off|false|0)$/io) then
        @@programs.each do |p|
          cmd = @@programs[p.to_i]
          logger.report("running #{cmd}")
          system(cmd)
        end
      end
    end
and set
CTX_TEXUTIL_EXTRAS=off
(in mkiv i have a more clever method, there we can register nice programs)
What about some extra safety --switch? (Otherwise we need to patch every time a new version is installed - I can place a regular expression to replace that part, but I guess that other people might need that as well.)

Mojca
Mojca Miklavec wrote:
and set
CTX_TEXUTIL_EXTRAS=off
(in mkiv i have a more clever method, there we can register nice programs)
What about some extra safety --switch? (Otherwise we need to patch every time a new version is installed - I can place a regular expression to replace that part, but I guess that other people might need that as well.)
I take it this will be patched into the distributed version as well.

No environment variable -> No changed behaviour

Cheers,
Taco
Taco Hoekwater wrote:
Mojca Miklavec wrote:
and set
CTX_TEXUTIL_EXTRAS=off
(in mkiv i have a more clever method, there we can register nice programs)
What about some extra safety --switch? (Otherwise we need to patch every time a new version is installed - I can place a regular expression to replace that part, but I guess that other people might need that as well.)
I take it this will be patched into the distributed version as well.
No environment variable -> No changed behaviour
indeed the snippet was copied from my patched version -) untested of course

Hans
Hello Hans,
and set
CTX_TEXUTIL_EXTRAS=off
(in mkiv i have a more clever method, there we can register nice programs)
OK, this works, but is it possible to put this into a global configuration file (texmf.cnf, cont-usr.tex)? There are several places where TeX can be called on the garden and I don't want to miss one (and have the garden erased).

Patrick
--
ConTeXt wiki and more: http://contextgarden.net
Patrick Gundlach wrote:
Hello Hans,
and set
CTX_TEXUTIL_EXTRAS=off
(in mkiv i have a more clever method, there we can register nice programs)
OK, this works, but is it possible to put this into a global configuration file (texmf.cnf, cont-usr.tex)? There are several places
/etc/profile :-)

Taco
Taco Hoekwater wrote:
(in mkiv i have a more clever method, there we can register nice programs)
OK, this works, but is it possible to put this into a global configuration file (texmf.cnf, cont-usr.tex)? There are several places
/etc/profile :-)
I just realized that that could be wrong, if you run ruby directly from apache using exec(). But I thought you had an executable wrapper around texexec?

Taco
Taco Hoekwater wrote:
(in mkiv i have a more clever method, there we can register nice programs)
OK, this works, but is it possible to put this into a global configuration file (texmf.cnf, cont-usr.tex)? There are several places /etc/profile :-)
I just realized that that could be wrong, if you run ruby directly
from apache using exec(). But I thought you had an executable wrapper around texexec?
I thought that is what you meant by using ':-)'. Yes, I have an executable wrapper around texexec, but several points on the garden where I call texexec. Two at the moment but I will probably add some more in the future. And those don't read /etc/profile so I'd have to set the environment variable in each of the wrappers. Maybe I will add yet another layer to texexec that just exports this variable.

At the moment I have stopped the automatic update of ConTeXt and manually removed the line where external programs get called. I will re-enable updates once I have this kind of wrapper.

Patrick
--
ConTeXt wiki and more: http://contextgarden.net
Hi,
(in mkiv i have a more clever method, there we can register nice programs) OK, this works, but is it possible to put this into a global configuration file (texmf.cnf, cont-usr.tex)? There are several places
/etc/profile :-)
/etc/init.d/httpd :)

Patrick (now re-enabled all as it was before - fingers crossed)
--
ConTeXt wiki and more: http://contextgarden.net
Hi,
    def MyExtras::finalizer(logger)
      unless (ENV["CTX.TEXUTIL.EXTRAS"] =~ /^(no|off|false|0)$/io) || (ENV["CTX_TEXUTIL_EXTRAS"] =~ /^(no|off|false|0)$/io) then
        @@programs.each do |p|
          cmd = @@programs[p.to_i]
          logger.report("running #{cmd}")
          system(cmd)
        end
      end
    end

could we use something like "kpsexpand \$CTX_TEXUTIL_EXTRAS"? This way I could set this in texmf.cnf and on the command line.

Patrick
--
ConTeXt wiki and more: http://contextgarden.net
Patrick Gundlach wrote:
Hi,
    def MyExtras::finalizer(logger)
      unless (ENV["CTX.TEXUTIL.EXTRAS"] =~ /^(no|off|false|0)$/io) || (ENV["CTX_TEXUTIL_EXTRAS"] =~ /^(no|off|false|0)$/io) then
        @@programs.each do |p|
          cmd = @@programs[p.to_i]
          logger.report("running #{cmd}")
          system(cmd)
        end
      end
    end
could we use something like "kpsexpand \$CTX_TEXUTIL_EXTRAS"? This way I could set this in texmf.cnf and on the command line.
each kpse call slows down processing; it would be easier in mkiv where we have more control, so for mkii we need to stick to setting this in the env

Hans
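The thread settles on two defences against \installprogram: the CTX_TEXUTIL_EXTRAS kill switch in Hans's texutil.rb patch (unset means unchanged behaviour, as Taco notes), and the mkiv idea of only running programs that were registered beforehand. The Ruby below is an added example written for this page, not code from texutil.rb or ConTeXt. It models both checks on a constructed queue of commands; the registered-program list, the argument pattern, the sample queue and every function name are assumptions. One detail goes beyond the thread: the example passes the command to Kernel.system as separate arguments rather than as one string, so the program is executed directly instead of the string being interpreted by /bin/sh.

```ruby
# Added example, not code from texutil.rb or ConTeXt. Models the
# CTX_TEXUTIL_EXTRAS kill switch from the patch in this thread and the
# "register nice programs" allowlist idea from mkiv. The allowlist, the
# argument pattern, the sample queue and all names are assumptions.

# Same regex as the patch: no/off/false/0 in any case means "off";
# anything else, including an unset variable, leaves the programs running.
OFF_VALUES = /^(no|off|false|0)$/io

def extras_enabled?(env)
  off = (env["CTX.TEXUTIL.EXTRAS"] =~ OFF_VALUES) || (env["CTX_TEXUTIL_EXTRAS"] =~ OFF_VALUES)
  off.nil?
end

# Assumed registry of "nice programs": only these command names may be run.
REGISTERED_PROGRAMS = %w[bibtex makeindex].freeze

# Conservative shape for each argv element: no shell metacharacters, so a
# registered program name cannot be used to smuggle a second command along.
ARG_PATTERN = /\A[\w.\-\/]+\z/

# Split a queued command line into an argv array, or return nil when it is
# not a registered program with plain arguments.
def checked_argv(cmd, registered)
  argv = cmd.strip.split(/\s+/)
  return nil if argv.empty?
  return nil unless registered.include?(argv.first)
  return nil unless argv.all? { |a| a.match?(ARG_PATTERN) }
  argv
end

# Walk the queue as the finalizer would. `runner` receives an argv array; the
# default calls Kernel.system with separate arguments, which executes the
# program directly instead of handing a string to /bin/sh as system(cmd) does.
def run_programs(queue, env, registered, runner: ->(argv) { Kernel.system(*argv) })
  result = { ran: [], skipped: [], reason: nil }
  unless extras_enabled?(env)
    result[:skipped] = queue.dup
    result[:reason] = "CTX_TEXUTIL_EXTRAS is off"
    return result
  end
  queue.each do |cmd|
    argv = checked_argv(cmd, registered)
    if argv
      runner.call(argv)
      result[:ran] << cmd
    else
      result[:skipped] << cmd
    end
  end
  result
end

# Constructed sample queue standing in for commands collected from a .tui file.
SAMPLE_QUEUE = [
  "bibtex paper",
  "makeindex paper.idx",
  "date",                # not a registered program
  "bibtex paper; date",  # registered name, but an argument carries a shell metacharacter
].freeze

if __FILE__ == $0
  # Dry run: record what would be executed instead of executing it.
  record = ->(argv) { puts "would run: #{argv.inspect}" }
  [{ "CTX_TEXUTIL_EXTRAS" => "off" }, {}].each do |env|
    r = run_programs(SAMPLE_QUEUE, env, REGISTERED_PROGRAMS, runner: record)
    puts "env=#{env.inspect} ran=#{r[:ran].inspect} skipped=#{r[:skipped].inspect} reason=#{r[:reason].inspect}"
  end
end
```

With the variable set to off nothing in the queue runs, which is the behaviour Patrick wanted for the garden; with it unset, only the two registered commands with clean arguments run, and the fourth entry is refused even though it starts with a registered name. The injectable runner is what makes the decision testable without touching the system.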