latex2rtf-users

[Prev] Thread [Next] | [Prev] Date [Next]

Re: [Latex2rtf-users] Online RTF generation - can I disable IO? Scott Prahl Wed Dec 10 09:01:19 2008

On Dec 10, 2008, at 6:34 AM, Fergus Gallagher wrote:

> I want to use latex2rtf to generate an online RTF version of user- 
> supplied
> data (specifically bibtex data)

This is a BAD IDEA.  There are too many ways to make latex2rtf crash.   
A clever
hacker could easily turn these predictable crashes into a compromise.

We should put this warning in the documentation.

>  but I can't find a way to ensure that a user
> can't get away with things like "\input /etc/passwd" in an entry.

This is just one point of weakness in the program.  The entire design of
latex2rtf presumes a valid latex document and all documents are presumed
to be trusted.

Sorry.

Scott

------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you.  Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
Latex2rtf-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/latex2rtf-users

[Latex2rtf-users] Online RTF generation - can I disable IO? Fergus Gallagher

Re: [Latex2rtf-users] Online RTF generation - can I disable IO? Scott Prahl <=