lgwlatex, lgwbibtex, lgwmakeindex, lgwdvipdfm - run tex commands
in a chroot jail
lgwlatex root path file
lgwbibtex root path file
lgwmakeindex root path file
lgwdvipdfm root path file
The lgwlatex command runs latex on the given, potentially malicious, file. To keep latex from hurting the system, and to make the output from latex independent of any local setup, latex is run inside a chroot jail situated at the given root. Before running latex, lgwlatex does a cd to the given path relative to the root.
The lgwlatex command needs root privilege to chroot to the jail and is intended to run setuid root. The lgwlatex command drops root privileges before invoking latex.
To reduce the risk of attacks using lgwlatex, lgwlatex checks that the given root directory is owned by user root and has exactly the following contents: "lib", "usr", "bibliography", "codex", "dictionary", "header", "vector", "body", "diagnose", "expansion", "reference", "lgwdir.html", and "index.html". It also checks the exact contents of "usr", "usr/bin", and "usr/share". "usr" must contain "bin", "lib", and "share". "usr/bin" must contain "latex", "bibtex", "makeindex", and "dvipdfm". "usr/share" must contain "texmf". In case of descrepancies, lgwlatex prints an error message and exits before calling chroot. So attackers cannot get a free chroot from lgwlatex.
The path argument given to lgwlatex is relative to the chroot jail and cannot point outside the jail.
The lgwbibtex, lgwmakeindex, and lgwdvipdfm commands are analogous to lgwlatex.
Klaus Grue, http://logiweb.eu/
pyk(1) , logiweb(1) , lgwmkjail(1) , lgwrmjail(1)
Table of Contents