[NTG-pdftex] Re: [ pdftex-Feature Requests-87 ] In case of fatal errors, delete the output file

Olaf Weber olaf at infovore.xs4all.nl
Mon Dec 19 21:58:42 CET 2005


Heiko Oberdiek writes:
> Hello,
> On Mon, Dec 19, 2005 at 01:01:19AM +0100, Martin Schröder wrote:

>> > The attached patch unlinks the current file, if a fatal
>> > error happens. Currently this is done without any checks,
>> > and may be a security problem.
>> 
>> The patch does this:
>> 
>> if (outputfilename) {
>> 	xfclose(pdffile, makecstring(outputfilename));
>> 	unlink (makecstring(outputfilename));
>> }
>> 
>> How safe is this? And how safe is this for TeX security wise? And
>> is there a better way?

> Perhaps it is more safe, if pdfTeX deletes the file only if it
> was successfully opened for writing before to ensure that the
> file that pdfTeX removes was generated by pdfTeX before.

For portability, use remove(3) instead of unlink(2).  If the file came
out of xfopen, then we're already assured that pdftex opened it for
writing, so it should definitely be ours to remove.  I don't see
security issues here (they'd have to be dealt with at the point where
the file is opened).

-- 
Olaf Weber

               (This space left blank for technical reasons.)
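
The cleanup rule discussed in this thread, as an added example that is not pdfTeX's code or the patch itself: the output file is removed on a fatal error only if this process opened it for writing, and removal uses remove(3) rather than unlink(2). The names `output_file`, `output_open`, `output_abort` and the file name are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical tracker for the single output file the program writes. */
struct output_file {
    FILE *fp;          /* non-NULL only after a successful open for writing */
    char  name[256];   /* name exactly as it was passed to fopen() */
};

/* Open the output for writing; ownership is recorded only on success. */
int output_open(struct output_file *out, const char *name)
{
    out->fp = NULL;
    out->name[0] = '\0';
    if (strlen(name) >= sizeof out->name)
        return -1;
    out->fp = fopen(name, "wb");
    if (out->fp == NULL)
        return -1;
    strcpy(out->name, name);
    return 0;
}

/* Fatal-error path. Returns 1 if our file was removed, 0 if there was
 * nothing of ours to remove, -1 if remove() failed. */
int output_abort(struct output_file *out)
{
    if (out->fp == NULL)
        return 0;            /* never opened by us: leave the disk alone */
    fclose(out->fp);         /* close first; some platforms cannot remove open files */
    out->fp = NULL;          /* a second call must not remove anything */
    return remove(out->name) == 0 ? 1 : -1;  /* remove(3) is ISO C, unlink(2) is POSIX */
}

int main(void)
{
    struct output_file out = { NULL, "" };
    if (output_open(&out, "constructed_example.pdf") != 0)
        return 1;
    fputs("partial output", out.fp);
    return output_abort(&out) == 1 ? 0 : 1;  /* simulate a fatal error */
}
```

Any check on where the output may be written belongs in `output_open`, since `output_abort` only ever touches a name that already passed through it.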


