[OS X TeX] TeXLive 2006 (MacTeX) is not detected...

Victor Ivrii vivrii at gmail.com
Wed Jan 3 11:58:22 EST 2007


On 1/3/07, Franck Pastor <pastor at fusl.ac.be> wrote:
>

>
> Thanks to you and Victor Ivrii for warning me, I was not aware of
> that risk !
>
>

This becomes OT but one needs to remember that

running tex (or anything like) with --shell-escape is also a security risk

using package filecontents is a security risk (since it can override
existing files in the current directory)

copy and pasting long documents into the shell or in some editors like
vi (allowing shell escape) is also a security risk, especially from
pdf documents and especially opened via AR or Acrobat (copy buffer
could be really different from what you see - remember lawyers placing
on web pdf docs with blaclboxed sensitive parts?)

opening Real streams via QuickTime as it was announced yesterday is a
security risk too

Basically the only secure computer is one disconnected from interned
and switched off. Still, running tex with --shell-escape has an
advantage of being able to run as  slaves some programs (like gnuplot
via pgf). On the other hand, including . in your PATH provides no real
advantage except creating MAC (which means Mess And Confusion here :-)








-- 
========================
Victor Ivrii, Department of Mathematics, University of Toronto
http://www.math.toronto.edu/ivrii

------------------------- Helpful Info -------------------------
Mac-TeX Website: http://www.esm.psu.edu/mac-tex/
TeX FAQ: http://www.tex.ac.uk/faq
List Archive: http://tug.org/pipermail/macostex-archives/
List Reminders & Etiquette: http://www.esm.psu.edu/mac-tex/list/





More information about the MacOSX-TeX mailing list