Shell escape & ConTeXt (was: Re: [OS X TeX] EPS to PDF--en masse?)

Adam Lindsay atl at
Tue Jun 8 11:52:10 EDT 2004

TeX on Mac OS X Mailing List said this at Mon, 7 Jun 2004 20:00:01 -0400:

>Shell escape is a mechanism which basically stops TeX processing, allows
>an external program (like epstopd script) to run and then resume the
>processing. The problem is that it allows any program to be run. So if
>someone sends you a malicious TeX file, it can do good amount of damage
>like wipe your home folder.

Hi MacOSX-TeXers and ConTeXters.

I just happened to revisit this recently, wondering how to make the
gwTeX/ConTeXt experience a bit more usable "out of the box". I remember a
few months ago some ConTeXters suggesting on MacOSX-TeX that shell_escape
be set to true, to make things easier for users. The security
implications quashed that idea pretty quickly.

Instead, how about if gwTeX's default texmf.tetex/context/config/
texexec.ini includes the line:

  for  tetex  set  TeXPassString     to  -progname=context -shell-escape

That ought to be as safe as any ConTeXt installation, without negatively
impacting risk for other macro packages, right?

(disclaimer: I don't run gwTeX on my main rig (TeXLive for me), but I try
to keep an eye on what's going on over there. For whatever TeXLive-ish
reason, my texexec.ini includes  --default-translate-file=cp8bit on that
line as well.)
 Adam T. Lindsay                      atl at
 Computing Dept, Lancaster University   +44(0)1524/594.537
 Lancaster, LA1 4YR, UK             Fax:+44(0)1524/593.608

Post: <mailto:MacOSX-TeX at>
Please see <> for list
guidelines, information, and LaTeX/TeX resources.

More information about the MacOSX-TeX mailing list