texlua-based tool and restricted shell escape

Jonathan Fine jfine2358 at gmail.com
Tue Feb 20 20:54:05 CET 2024


Hi

Is there anyone from the arXiv reading this thread? It would be a shame if
this feature delayed the deployment of tagged PDF via LaTeX. Or in any
other way caused difficulty for the arXiv's very important typesetting
service.

By the way, the arXiv hosts:
Title: Can You Accept LaTeX Files from Strangers? Ten Years Later
https://arxiv.org/abs/2102.00856

I'd be wary of running third-party LaTeX files that could export via PDF
important information about the system that is typesetting the files. For
example, such information could reveal an unpatched vulnerability. This is
discussed in section 3.2 of "Can you accept ...".

Sometimes the name of a user file contains important information, e.g.
2024-02-24-appointment-letter.pdf

If there's anyone on the arXiv reading this, I'm all ears for what they
have to say.

with kind regards

Jonathan