Table of Contents


lgwlatex, lgwbibtex, lgwmakeindex, lgwdvipdfm - run tex commands

in a chroot jail


lgwmkjail path


The lgwmkjail command creates a root-owned directory at the given path and populates it for use by lgwlatex, lgwbibtex, lgwmakeindex, and lgwdvipdfm.

The lgwlatex command runs latex on the given, potentially malicious, file. To keep latex from hurting the system, and to make the output from latex independent of any local setup, latex is run inside a chroot jail situated at the given root. Before running latex, lgwlatex does a cd to the given path relative to the root.

The lgwlatex command needs root privilege to establish the chroot jail and is intended to run setuid root. The lgwlatex command drops root privileges before invoking latex.

To reduce the risk of attacks using lgwlatex, lgwlatex checks that the given root directory is owned by user root and has exactly the following contents: "lib", "usr", "bibliography", "codex", "dictionary", "header", "vector", "body", "diagnose", "expansion", "reference", "lgwdir.html", and "index.html". It also checks the exact contents of "usr", "usr/bin", and "usr/share". "usr" must contain "bin", "lib", and "share". "usr/bin" must contain "latex", "bibtex", "makeindex", and "dvipdfm". "usr/share" must contain "texmf". In case of descrepancies, lgwlatex prints an error message and exits before calling chroot. So attackers cannot get a free chroot from lgwlatex.

The path argument given to lgwlatex is relative to the chroot jail and cannot point outside the jail.

The lgwbibtex, lgwmakeindex, and lgwdvipdfm commands are analogous to lgwlatex.


The path of the jail.

The path to cd to after establishing the jail and after dropping root privileges.

The file to run latex/bibtex/makeindex/dvipdfm on.


Klaus Grue,

See Also

pyk(1) , logiweb(1) , lgwlatex(1) , lgwrmjail(1)

Table of Contents