teximg: Make TeX handle preventing unsafe things; remove insufficient blacklist
TeX has configuration options that prevent unsafe things like shell
escapes and insecure file reads/writes. Turn all of them on.
teximg's regex-based blacklist does not suffice. For instance:
[[!teximg code="""
\catcode`\%=0
%input{/etc/passwd}
"""]]
Remove the blacklist, since the TeX configuration options seal off the
underlying mechanisms more safely, and the blacklist blocks other TeX
commands that can prove useful.
master
Josh Triplett
parent
03449610d6
commit
9f75d3b1f3
|
|
@ -69,13 +69,7 @@ sub preprocess (@) {
|
|||
if (! defined $code && ! length $code) {
|
||||
error gettext("missing tex code");
|
||||
}
|
||||
|
||||
if (check($code)) {
|
||||
return create($code, check_height($height), \%params);
|
||||
}
|
||||
else {
|
||||
error gettext("code includes disallowed latex commands")
|
||||
}
|
||||
return create($code, check_height($height), \%params);
|
||||
}
|
||||
|
||||
sub check_height ($) {
|
||||
|
|
@ -155,7 +149,7 @@ sub gen_image ($$$$) {
|
|||
my $tmp = eval { create_tmp_dir($digest) };
|
||||
if (! $@ &&
|
||||
writefile("$digest.tex", $tmp, $tex) &&
|
||||
system("cd $tmp; latex --interaction=nonstopmode $tmp/$digest.tex > /dev/null") == 0 &&
|
||||
system("cd $tmp; shell_escape=f openout_any=p openin_any=p latex --interaction=nonstopmode $digest.tex < /dev/null > /dev/null") == 0 &&
|
||||
# ensure destination directory exists
|
||||
writefile("$imagedir/$digest.png", $config{destdir}, "") &&
|
||||
(($config{teximg_dvipng} &&
|
||||
|
|
@ -191,34 +185,4 @@ sub create_tmp_dir ($) {
|
|||
return $tmpdir;
|
||||
}
|
||||
|
||||
sub check ($) {
|
||||
# Check if the code is ok
|
||||
my $code = shift;
|
||||
|
||||
my @badthings = (
|
||||
qr/\$\$/,
|
||||
qr/\\include/,
|
||||
qr/\\includegraphic/,
|
||||
qr/\\usepackage/,
|
||||
qr/\\newcommand/,
|
||||
qr/\\renewcommand/,
|
||||
qr/\\def/,
|
||||
qr/\\input/,
|
||||
qr/\\open/,
|
||||
qr/\\loop/,
|
||||
qr/\\errorstopmode/,
|
||||
qr/\\scrollmode/,
|
||||
qr/\\batchmode/,
|
||||
qr/\\read/,
|
||||
qr/\\write/,
|
||||
);
|
||||
|
||||
foreach my $thing (@badthings) {
|
||||
if ($code =~ m/$thing/ ) {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
1
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
ikiwiki (3.1415926) UNRELEASED; urgency=low
|
||||
|
||||
[ Joey Hess ]
|
||||
* po: Detect if nowrapi18n can't be passed to po4a, and warn about
|
||||
the old version, but continue. Closes: #541205
|
||||
* inline: Avoid use of my $_ as it fails with older perls.
|
||||
|
|
@ -40,6 +41,10 @@ ikiwiki (3.1415926) UNRELEASED; urgency=low
|
|||
* img: Don't generate new verison of image if it is scaled to be
|
||||
larger in either dimension.
|
||||
|
||||
[ Josh Triplett ]
|
||||
* teximg: Replace the insufficient blacklist with the built-in security
|
||||
mechanisms of TeX.
|
||||
|
||||
-- Joey Hess <joeyh@debian.org> Wed, 12 Aug 2009 12:25:30 -0400
|
||||
|
||||
ikiwiki (3.141592) unstable; urgency=low
|
||||
|
|
|
|||
Loading…
Reference in New Issue