[NTG-pdftex] Re: [ pdftex-Feature Requests-87 ] In case of fatal
errors, delete the output file
Heiko Oberdiek
oberdiek at uni-freiburg.de
Mon Dec 19 14:13:27 CET 2005
Hello,
On Mon, Dec 19, 2005 at 01:01:19AM +0100, Martin Schröder wrote:
> > The attached patch unlinks the current file, if a fatal
> >
> > error happens. Currently this is done without any checks,
> >
> > and may be a security problem.
>
> The patch does this:
>
> if (outputfilename) {
> xfclose(pdffile, makecstring(outputfilename));
> unlink (makecstring(outputfilename));
> }
>
> How safe is this? And how safe is this for TeX security wise? And
> is there a better way?
Perhaps it is more safe, if pdfTeX deletes the file only if it
was successfully opened for writing before to ensure that the
file that pdfTeX removes was generated by pdfTeX before.
Yours sincerely
Heiko <oberdiek at uni-freiburg.de>
--
More information about the ntg-pdftex
mailing list