User rendering takes place in the page subdirectory of the rendering directory. It ought to run inside a chroot jail, but that is not implemented. As a mild protection against the user accidentally escaping the page subdirectory, lgc only lets the user create files in that directory whose names consist of the letters a-z and A-Z, the digits 0-9, hyphens, underscores, dots and slashes. In addition, lgc restricts how dots and slashes may be combined, so that, for example, two dots in a row is illegal.
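As an added illustration (this is not lgc's own code), the following Python checks a proposed file name against the restrictions just described and then, as a second line of defence, confirms that the resolved path still lies under the page directory. The character set and the ban on two consecutive dots are taken from the text above; the remaining rules (no leading slash, no empty or "." path component) are assumptions made here to keep the example self-contained, not documented lgc behaviour.

```python
import os
import re
from typing import Optional

# Character set stated in the text: letters, digits, hyphen, underscore, dot, slash.
_ALLOWED = re.compile(r'^[A-Za-z0-9_.\-/]+$')


def name_is_allowed(name: str) -> bool:
    """Return True if `name` may be created inside the page subdirectory.

    From the text: only the characters above, and never two dots in a row.
    Assumptions added for this example (not stated on the page):
      - no leading slash, so the name cannot be an absolute path;
      - no empty component (e.g. "a//b" or a trailing slash) and no "." component.
    """
    if not name or not _ALLOWED.match(name):
        return False
    if '..' in name:                      # stated rule: two dots in a row is illegal
        return False
    if name.startswith('/'):              # assumption: relative names only
        return False
    for component in name.split('/'):     # assumption: every component is a real name
        if component in ('', '.'):
            return False
    return True


def resolve_inside(page_dir: str, name: str) -> Optional[str]:
    """Belt and braces: apply the name rules, then resolve the path and verify
    that the result is still under `page_dir`. Returns the resolved absolute
    path, or None if the name is rejected or escapes the directory."""
    if not name_is_allowed(name):
        return None
    base = os.path.realpath(page_dir)
    target = os.path.realpath(os.path.join(base, name))
    # commonpath is the containment check; a plain prefix test would accept
    # "/page2" as lying inside "/page".
    if os.path.commonpath([base, target]) != base:
        return None
    return target


if __name__ == '__main__':
    # Constructed sample names; "/tmp/render/page" is a hypothetical page directory.
    for candidate in ('chapter1/body.tex', '../../etc/passwd', 'a..b', '/etc/passwd',
                      'dir//file', 'space in name'):
        print(f'{candidate!r:>22} -> {resolve_inside("/tmp/render/page", candidate)}')
```

The character filter alone is what the text describes; the containment check after path resolution costs nothing extra and catches any future relaxation of the naming rules, which is why a practitioner would keep both.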

The user is, however, allowed to run latex, and through latex may access essentially anything on the system (latex reads arbitrary files with \input and writes them with \openout, subject only to the TeX installation's own configuration). At present that is unavoidable, since latex needs access to the standard .sty files. This causes two problems. (1) A malicious user may construct a page that invokes latex in such a way that latex reads from or writes to the disk maliciously, and may then try to persuade other users to reference that page so that the malicious code is executed on their machines. (2) Giving latex access to the .sty files on the user's computer makes rendering depend on which .sty files happen to be installed there and on how those .sty files are modified in the future. It would be far more satisfactory if the .sty files used were generated as part of the rendering itself, since that would ensure that the rendering of a page remains invariant for all future.

