

lgwlatex, lgwbibtex, lgwmakeindex, lgwdvipdfm - run tex commands in a chroot jail


lgwlatex root path file
lgwbibtex root path file
lgwmakeindex root path file
lgwdvipdfm root path file


The lgwlatex command runs latex on the given, potentially malicious, file. To keep latex from hurting the system, and to make the output from latex independent of any local setup, latex is run inside a chroot jail situated at the given root. Before running latex, lgwlatex does a cd to the given path relative to the root.

The lgwlatex command needs root privilege to chroot to the jail and is intended to run setuid root. The lgwlatex command drops root privileges before invoking latex.

To reduce the risk of attacks using lgwlatex, lgwlatex checks that the given root directory is owned by user root and has exactly the following contents: "lib", "usr", "bibliography", "codex", "dictionary", "header", "vector", "body", "diagnose", "expansion", "reference", "lgwdir.html", and "index.html". It also checks the exact contents of "usr", "usr/bin", and "usr/share". "usr" must contain "bin", "lib", and "share". "usr/bin" must contain "latex", "bibtex", "makeindex", and "dvipdfm". "usr/share" must contain "texmf". In case of discrepancies, lgwlatex prints an error message and exits before calling chroot, so attackers cannot get a free chroot from lgwlatex.

The path argument given to lgwlatex is relative to the chroot jail and cannot point outside the jail.

The lgwbibtex, lgwmakeindex, and lgwdvipdfm commands are analogous to lgwlatex.


root
    The path of the jail.

path
    The path to cd to after establishing the jail and after dropping root privileges.

file
    The file to run latex/bibtex/makeindex/dvipdfm on.


Klaus Grue,

See Also

pyk(1) , logiweb(1) , lgwmkjail(1) , lgwrmjail(1)
