TeX on Mac OS X Mailing List said this at Mon, 7 Jun 2004 20:00:01 -0400:
Shell escape is a mechanism which basically stops TeX processing, allows an external program (like epstopd script) to run and then resume the processing. The problem is that it allows any program to be run. So if someone sends you a malicious TeX file, it can do good amount of damage like wipe your home folder.
Hi MacOSX-TeXers and ConTeXters. I just happened to revisit this recently, wondering how to make the gwTeX/ConTeXt experience a bit more usable "out of the box". I remember a few months ago some ConTeXters suggesting on MacOSX-TeX that shell_escape be set to true, to make things easier for users. The security implications quashed that idea pretty quickly. Instead, how about if gwTeX's default texmf.tetex/context/config/ texexec.ini includes the line: for tetex set TeXPassString to -progname=context -shell-escape That ought to be as safe as any ConTeXt installation, without negatively impacting risk for other macro packages, right? (disclaimer: I don't run gwTeX on my main rig (TeXLive for me), but I try to keep an eye on what's going on over there. For whatever TeXLive-ish reason, my texexec.ini includes --default-translate-file=cp8bit on that line as well.) -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Adam T. Lindsay atl@comp.lancs.ac.uk Computing Dept, Lancaster University +44(0)1524/594.537 Lancaster, LA1 4YR, UK Fax:+44(0)1524/593.608 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-