19 Dec
2005
19 Dec
'05
2:13 p.m.
Hello, On Mon, Dec 19, 2005 at 01:01:19AM +0100, Martin Schröder wrote:
The attached patch unlinks the current file, if a fatal
error happens. Currently this is done without any checks,
and may be a security problem.
The patch does this:
if (outputfilename) { xfclose(pdffile, makecstring(outputfilename)); unlink (makecstring(outputfilename)); }
How safe is this? And how safe is this for TeX security wise? And is there a better way?
Perhaps it is more safe, if pdfTeX deletes the file only if it
was successfully opened for writing before to ensure that the
file that pdfTeX removes was generated by pdfTeX before.
Yours sincerely
Heiko