teximg: Make TeX handle preventing unsafe things; remove insufficient blacklist
TeX has configuration options that prevent unsafe things like shell escapes and insecure file reads/writes. Turn all of them on. teximg's regex-based blacklist does not suffice. For instance: [[!teximg code=""" \catcode`\%=0 %input{/etc/passwd} """]] Remove the blacklist, since the TeX configuration options seal off the underlying mechanisms more safely, and the blacklist blocks other TeX commands that can prove useful.master
parent
03449610d6
commit
9f75d3b1f3
|
@ -69,14 +69,8 @@ sub preprocess (@) {
|
||||||
if (! defined $code && ! length $code) {
|
if (! defined $code && ! length $code) {
|
||||||
error gettext("missing tex code");
|
error gettext("missing tex code");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (check($code)) {
|
|
||||||
return create($code, check_height($height), \%params);
|
return create($code, check_height($height), \%params);
|
||||||
}
|
}
|
||||||
else {
|
|
||||||
error gettext("code includes disallowed latex commands")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
sub check_height ($) {
|
sub check_height ($) {
|
||||||
# Since latex doesn't support unlimited scaling this function
|
# Since latex doesn't support unlimited scaling this function
|
||||||
|
@ -155,7 +149,7 @@ sub gen_image ($$$$) {
|
||||||
my $tmp = eval { create_tmp_dir($digest) };
|
my $tmp = eval { create_tmp_dir($digest) };
|
||||||
if (! $@ &&
|
if (! $@ &&
|
||||||
writefile("$digest.tex", $tmp, $tex) &&
|
writefile("$digest.tex", $tmp, $tex) &&
|
||||||
system("cd $tmp; latex --interaction=nonstopmode $tmp/$digest.tex > /dev/null") == 0 &&
|
system("cd $tmp; shell_escape=f openout_any=p openin_any=p latex --interaction=nonstopmode $digest.tex < /dev/null > /dev/null") == 0 &&
|
||||||
# ensure destination directory exists
|
# ensure destination directory exists
|
||||||
writefile("$imagedir/$digest.png", $config{destdir}, "") &&
|
writefile("$imagedir/$digest.png", $config{destdir}, "") &&
|
||||||
(($config{teximg_dvipng} &&
|
(($config{teximg_dvipng} &&
|
||||||
|
@ -191,34 +185,4 @@ sub create_tmp_dir ($) {
|
||||||
return $tmpdir;
|
return $tmpdir;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub check ($) {
|
|
||||||
# Check if the code is ok
|
|
||||||
my $code = shift;
|
|
||||||
|
|
||||||
my @badthings = (
|
|
||||||
qr/\$\$/,
|
|
||||||
qr/\\include/,
|
|
||||||
qr/\\includegraphic/,
|
|
||||||
qr/\\usepackage/,
|
|
||||||
qr/\\newcommand/,
|
|
||||||
qr/\\renewcommand/,
|
|
||||||
qr/\\def/,
|
|
||||||
qr/\\input/,
|
|
||||||
qr/\\open/,
|
|
||||||
qr/\\loop/,
|
|
||||||
qr/\\errorstopmode/,
|
|
||||||
qr/\\scrollmode/,
|
|
||||||
qr/\\batchmode/,
|
|
||||||
qr/\\read/,
|
|
||||||
qr/\\write/,
|
|
||||||
);
|
|
||||||
|
|
||||||
foreach my $thing (@badthings) {
|
|
||||||
if ($code =~ m/$thing/ ) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
1
|
1
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
ikiwiki (3.1415926) UNRELEASED; urgency=low
|
ikiwiki (3.1415926) UNRELEASED; urgency=low
|
||||||
|
|
||||||
|
[ Joey Hess ]
|
||||||
* po: Detect if nowrapi18n can't be passed to po4a, and warn about
|
* po: Detect if nowrapi18n can't be passed to po4a, and warn about
|
||||||
the old version, but continue. Closes: #541205
|
the old version, but continue. Closes: #541205
|
||||||
* inline: Avoid use of my $_ as it fails with older perls.
|
* inline: Avoid use of my $_ as it fails with older perls.
|
||||||
|
@ -40,6 +41,10 @@ ikiwiki (3.1415926) UNRELEASED; urgency=low
|
||||||
* img: Don't generate new verison of image if it is scaled to be
|
* img: Don't generate new verison of image if it is scaled to be
|
||||||
larger in either dimension.
|
larger in either dimension.
|
||||||
|
|
||||||
|
[ Josh Triplett ]
|
||||||
|
* teximg: Replace the insufficient blacklist with the built-in security
|
||||||
|
mechanisms of TeX.
|
||||||
|
|
||||||
-- Joey Hess <joeyh@debian.org> Wed, 12 Aug 2009 12:25:30 -0400
|
-- Joey Hess <joeyh@debian.org> Wed, 12 Aug 2009 12:25:30 -0400
|
||||||
|
|
||||||
ikiwiki (3.141592) unstable; urgency=low
|
ikiwiki (3.141592) unstable; urgency=low
|
||||||
|
|
Loading…
Reference in New Issue