From 9f75d3b1f3c43820cff9ce554601f64c60d72b14 Mon Sep 17 00:00:00 2001 From: Josh Triplett Date: Fri, 28 Aug 2009 23:07:27 -0700 Subject: teximg: Make TeX handle preventing unsafe things; remove insufficient blacklist TeX has configuration options that prevent unsafe things like shell escapes and insecure file reads/writes. Turn all of them on. teximg's regex-based blacklist does not suffice. For instance: [[!teximg code=""" \catcode`\%=0 %input{/etc/passwd} """]] Remove the blacklist, since the TeX configuration options seal off the underlying mechanisms more safely, and the blacklist blocks other TeX commands that can prove useful.
---
 IkiWiki/Plugin/teximg.pm | 40 ++--------------------------------------
 debian/changelog | 5 +++++
 2 files changed, 7 insertions(+), 38 deletions(-)
diff --git a/IkiWiki/Plugin/teximg.pm b/IkiWiki/Plugin/teximg.pm
index dba5372b5..f92ed0132 100644
--- a/IkiWiki/Plugin/teximg.pm
+++ b/IkiWiki/Plugin/teximg.pm
@@ -69,13 +69,7 @@ sub preprocess (@) {
 if (! defined $code && ! length $code) {
 error gettext("missing tex code");
 }
-
- if (check($code)) {
- return create($code, check_height($height), \%params);
- }
- else {
- error gettext("code includes disallowed latex commands")
- }
+ return create($code, check_height($height), \%params);
 }
 
 sub check_height ($) {
@@ -155,7 +149,7 @@ sub gen_image ($$$$) {
 my $tmp = eval { create_tmp_dir($digest) };
 if (! $@ &&
 writefile("$digest.tex", $tmp, $tex) &&
- system("cd $tmp; latex --interaction=nonstopmode $tmp/$digest.tex > /dev/null") == 0 &&
+ system("cd $tmp; shell_escape=f openout_any=p openin_any=p latex --interaction=nonstopmode $digest.tex < /dev/null > /dev/null") == 0 &&
 # ensure destination directory exists
 writefile("$imagedir/$digest.png", $config{destdir}, "") &&
 (($config{teximg_dvipng} &&
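Review bot: In the preprocess hunk, the unconditional `return create(...)` now relies on the context-line guard `if (! defined $code && ! length $code)` as the only input check, and that guard looks wrong: a defined but empty `code` makes the first operand false, so no error is raised and the empty string is handed to `create()`. `if (! defined $code || ! length $code) {` would reject both missing and empty input. preprocess starts above the hunk, so an earlier check may exist that is not visible here.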
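Review bot: The rewritten `system()` line in the gen_image hunk still chains `cd $tmp;` with a semicolon, so if the `cd` fails latex runs in whatever directory the process happened to be in; because this change makes the input name relative (`$digest.tex`) and the `openout_any=p`/`openin_any=p` settings mainly refuse absolute and parent-directory paths, the working directory is now the effective boundary. Writing it as `cd $tmp && shell_escape=f openout_any=p openin_any=p latex ...` ensures nothing runs outside the temp dir. Separately, the removed blacklist was also what blocked `\loop` and `\def`, and nothing visible in this hunk bounds how long latex may run on wiki-supplied input, so a CPU or wall-clock limit on the child process would be worth adding. gen_image starts and ends outside the hunk, so such a limit may exist elsewhere.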
@@ -191,34 +185,4 @@ sub create_tmp_dir ($) {
 return $tmpdir;
 }
 
-sub check ($) {
- # Check if the code is ok
- my $code = shift;
-
- my @badthings = (
- qr/\$\$/,
- qr/\\include/,
- qr/\\includegraphic/,
- qr/\\usepackage/,
- qr/\\newcommand/,
- qr/\\renewcommand/,
- qr/\\def/,
- qr/\\input/,
- qr/\\open/,
- qr/\\loop/,
- qr/\\errorstopmode/,
- qr/\\scrollmode/,
- qr/\\batchmode/,
- qr/\\read/,
- qr/\\write/,
- );
-
- foreach my $thing (@badthings) {
- if ($code =~ m/$thing/ ) {
- return 0;
- }
- }
- return 1;
-}
-
 1
diff --git a/debian/changelog b/debian/changelog
index 992692566..a5b07aac1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@ ikiwiki (3.1415926) UNRELEASED; urgency=low + [ Joey Hess ] * po: Detect if nowrapi18n can't be passed to po4a, and warn about the old version, but continue. Closes: #541205 * inline: Avoid use of my $_ as it fails with older perls.
@@ -40,6 +41,10 @@ ikiwiki (3.1415926) UNRELEASED; urgency=low * img: Don't generate new verison of image if it is scaled to be larger in either dimension. + [ Josh Triplett ] + * teximg: Replace the insufficient blacklist with the built-in security + mechanisms of TeX. + -- Joey Hess Wed, 12 Aug 2009 12:25:30 -0400 ikiwiki (3.141592) unstable; urgency=low -- cgit v1.2.3