diff options
author | Josh Triplett <josh@joshtriplett.org> | 2009-08-28 23:07:27 -0700 |
---|---|---|
committer | Josh Triplett <josh@joshtriplett.org> | 2009-08-28 23:18:07 -0700 |
commit | 9f75d3b1f3c43820cff9ce554601f64c60d72b14 (patch) | |
tree | 0b8907816f99d63ac9579c9a56ad05bd1beb1abc | |
parent | 03449610d6c666ba24bea68f01d896613e522278 (diff) |
teximg: Make TeX handle preventing unsafe things; remove insufficient blacklist
TeX has configuration options that prevent unsafe things like shell
escapes and insecure file reads/writes. Turn all of them on.
teximg's regex-based blacklist does not suffice. For instance:
[[!teximg code="""
\catcode`\%=0
%input{/etc/passwd}
"""]]
Remove the blacklist, since the TeX configuration options seal off the
underlying mechanisms more safely, and the blacklist blocks other TeX
commands that can prove useful.
-rw-r--r-- | IkiWiki/Plugin/teximg.pm | 40 | ||||
-rw-r--r-- | debian/changelog | 5 |
2 files changed, 7 insertions, 38 deletions
diff --git a/IkiWiki/Plugin/teximg.pm b/IkiWiki/Plugin/teximg.pm index dba5372b5..f92ed0132 100644 --- a/IkiWiki/Plugin/teximg.pm +++ b/IkiWiki/Plugin/teximg.pm @@ -69,13 +69,7 @@ sub preprocess (@) { if (! defined $code && ! length $code) { error gettext("missing tex code"); } - - if (check($code)) { - return create($code, check_height($height), \%params); - } - else { - error gettext("code includes disallowed latex commands") - } + return create($code, check_height($height), \%params); } sub check_height ($) { @@ -155,7 +149,7 @@ sub gen_image ($$$$) { my $tmp = eval { create_tmp_dir($digest) }; if (! $@ && writefile("$digest.tex", $tmp, $tex) && - system("cd $tmp; latex --interaction=nonstopmode $tmp/$digest.tex > /dev/null") == 0 && + system("cd $tmp; shell_escape=f openout_any=p openin_any=p latex --interaction=nonstopmode $digest.tex < /dev/null > /dev/null") == 0 && # ensure destination directory exists writefile("$imagedir/$digest.png", $config{destdir}, "") && (($config{teximg_dvipng} && @@ -191,34 +185,4 @@ sub create_tmp_dir ($) { return $tmpdir; } -sub check ($) { - # Check if the code is ok - my $code = shift; - - my @badthings = ( - qr/\$\$/, - qr/\\include/, - qr/\\includegraphic/, - qr/\\usepackage/, - qr/\\newcommand/, - qr/\\renewcommand/, - qr/\\def/, - qr/\\input/, - qr/\\open/, - qr/\\loop/, - qr/\\errorstopmode/, - qr/\\scrollmode/, - qr/\\batchmode/, - qr/\\read/, - qr/\\write/, - ); - - foreach my $thing (@badthings) { - if ($code =~ m/$thing/ ) { - return 0; - } - } - return 1; -} - 1 diff --git a/debian/changelog b/debian/changelog index 992692566..a5b07aac1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,6 @@ ikiwiki (3.1415926) UNRELEASED; urgency=low + [ Joey Hess ] * po: Detect if nowrapi18n can't be passed to po4a, and warn about the old version, but continue. Closes: #541205 * inline: Avoid use of my $_ as it fails with older perls. @@ -40,6 +41,10 @@ ikiwiki (3.1415926) UNRELEASED; urgency=low * img: Don't generate new verison of image if it is scaled to be larger in either dimension. + [ Josh Triplett ] + * teximg: Replace the insufficient blacklist with the built-in security + mechanisms of TeX. + -- Joey Hess <joeyh@debian.org> Wed, 12 Aug 2009 12:25:30 -0400 ikiwiki (3.141592) unstable; urgency=low |