teximg: Make TeX handle preventing unsafe things; remove insufficient blacklist
TeX has configuration options that prevent unsafe things like shell escapes and insecure file reads/writes. Turn all of them on. teximg's regex-based blacklist does not suffice. For instance: [[!teximg code=""" \catcode`\%=0 %input{/etc/passwd} """]] Remove the blacklist, since the TeX configuration options seal off the underlying mechanisms more safely, and the blacklist blocks other TeX commands that can prove useful.master
parent
03449610d6
commit
9f75d3b1f3
|
@ -69,13 +69,7 @@ sub preprocess (@) {
|
|||
if (! defined $code && ! length $code) {
|
||||
error gettext("missing tex code");
|
||||
}
|
||||
|
||||
if (check($code)) {
|
||||
return create($code, check_height($height), \%params);
|
||||
}
|
||||
else {
|
||||
error gettext("code includes disallowed latex commands")
|
||||
}
|
||||
return create($code, check_height($height), \%params);
|
||||
}
|
||||
|
||||
sub check_height ($) {
|
||||
|
@ -155,7 +149,7 @@ sub gen_image ($$$$) {
|
|||
my $tmp = eval { create_tmp_dir($digest) };
|
||||
if (! $@ &&
|
||||
writefile("$digest.tex", $tmp, $tex) &&
|
||||
system("cd $tmp; latex --interaction=nonstopmode $tmp/$digest.tex > /dev/null") == 0 &&
|
||||
system("cd $tmp; shell_escape=f openout_any=p openin_any=p latex --interaction=nonstopmode $digest.tex < /dev/null > /dev/null") == 0 &&
|
||||
# ensure destination directory exists
|
||||
writefile("$imagedir/$digest.png", $config{destdir}, "") &&
|
||||
(($config{teximg_dvipng} &&
|
||||
|
@ -191,34 +185,4 @@ sub create_tmp_dir ($) {
|
|||
return $tmpdir;
|
||||
}
|
||||
|
||||
sub check ($) {
|
||||
# Check if the code is ok
|
||||
my $code = shift;
|
||||
|
||||
my @badthings = (
|
||||
qr/\$\$/,
|
||||
qr/\\include/,
|
||||
qr/\\includegraphic/,
|
||||
qr/\\usepackage/,
|
||||
qr/\\newcommand/,
|
||||
qr/\\renewcommand/,
|
||||
qr/\\def/,
|
||||
qr/\\input/,
|
||||
qr/\\open/,
|
||||
qr/\\loop/,
|
||||
qr/\\errorstopmode/,
|
||||
qr/\\scrollmode/,
|
||||
qr/\\batchmode/,
|
||||
qr/\\read/,
|
||||
qr/\\write/,
|
||||
);
|
||||
|
||||
foreach my $thing (@badthings) {
|
||||
if ($code =~ m/$thing/ ) {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
1
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
ikiwiki (3.1415926) UNRELEASED; urgency=low
|
||||
|
||||
[ Joey Hess ]
|
||||
* po: Detect if nowrapi18n can't be passed to po4a, and warn about
|
||||
the old version, but continue. Closes: #541205
|
||||
* inline: Avoid use of my $_ as it fails with older perls.
|
||||
|
@ -40,6 +41,10 @@ ikiwiki (3.1415926) UNRELEASED; urgency=low
|
|||
* img: Don't generate new verison of image if it is scaled to be
|
||||
larger in either dimension.
|
||||
|
||||
[ Josh Triplett ]
|
||||
* teximg: Replace the insufficient blacklist with the built-in security
|
||||
mechanisms of TeX.
|
||||
|
||||
-- Joey Hess <joeyh@debian.org> Wed, 12 Aug 2009 12:25:30 -0400
|
||||
|
||||
ikiwiki (3.141592) unstable; urgency=low
|
||||
|
|
Loading…
Reference in New Issue