TeX on Mac OS X Mailing List said this at Mon, 7 Jun 2004 20:00:01 -0400:
>Shell escape is a mechanism which basically stops TeX processing, allows
>an external program (like epstopd script) to run and then resume the
>processing. The problem is that it allows any program to be run. So if
>someone sends you a malicious TeX file, it can do good amount of damage
>like wipe your home folder.
Hi MacOSX-TeXers and ConTeXters.
I just happened to revisit this recently, wondering how to make the
gwTeX/ConTeXt experience a bit more usable "out of the box". I remember a
few months ago some ConTeXters suggesting on MacOSX-TeX that shell_escape
be set to true, to make things easier for users. The security
implications quashed that idea pretty quickly.
Instead, how about if gwTeX's default texmf.tetex/context/config/
texexec.ini includes the line:
for tetex set TeXPassString to -progname=context -shell-escape
That ought to be as safe as any ConTeXt installation, without negatively
impacting risk for other macro packages, right?
(disclaimer: I don't run gwTeX on my main rig (TeXLive for me), but I try
to keep an eye on what's going on over there. For whatever TeXLive-ish
reason, my texexec.ini includes --default-translate-file=cp8bit on that
line as well.)
Adam T. Lindsay atl(a)comp.lancs.ac.uk
Computing Dept, Lancaster University +44(0)1524/594.537
Lancaster, LA1 4YR, UK Fax:+44(0)1524/593.608