teximg: Make TeX handle preventing unsafe things; remove insufficient blacklist
authorJoey Hess <joey@gnu.kitenet.net>
Sun, 30 Aug 2009 19:08:13 +0000 (15:08 -0400)
committerJoey Hess <joey@gnu.kitenet.net>
Sun, 30 Aug 2009 19:08:13 +0000 (15:08 -0400)
TeX has configuration options that prevent unsafe things like shell
escapes and insecure file reads/writes.  Turn all of them on.

teximg's regex-based blacklist does not suffice.  For instance:

[[!teximg code="""
\catcode`\%=0
%input{/etc/passwd}
"""]]

Remove the blacklist, since the TeX configuration options seal off the
underlying mechanisms more safely, and the blacklist blocks other TeX
commands that can prove useful.
(cherry picked from commit 9f75d3b1f3c43820cff9ce554601f64c60d72b14)

Conflicts:

IkiWiki/Plugin/teximg.pm
debian/changelog

IkiWiki/Plugin/teximg.pm
debian/changelog

index 8c3e88c6974a8f2d5aa00fc119ba1f8941f4c943..90bf615d99d943bba6302d9117f6d9357b10393f 100644 (file)
@@ -29,13 +29,7 @@ sub preprocess (@) { #{{{
        if (! defined $code && ! length $code) {
                return "[[teximg ".gettext("missing tex code"). "]]";
        }
-
-       if (check($code)) {
-               return create($code, check_height($height), \%params);
-       }
-       else {
-               return "[[teximg ".gettext("code includes disallowed latex commands"). "]]";
-       }
+       return create($code, check_height($height), \%params);
 } #}}}
 
 sub check_height ($) { #{{{
@@ -110,7 +104,7 @@ sub gen_image ($$$$) { #{{{
        my $tmp = eval { create_tmp_dir($digest) };
        if (! $@ &&
            writefile("$digest.tex", $tmp, $tex) &&
-           system("cd $tmp; latex --interaction=nonstopmode $tmp/$digest.tex > /dev/null") == 0 &&
+           system("cd $tmp; shell_escape=f openout_any=p openin_any=p latex --interaction=nonstopmode $digest.tex < /dev/null > /dev/null") == 0 &&
            system("dvips -E $tmp/$digest.dvi -o $tmp/$digest.ps 2> $tmp/$digest.log") == 0 &&
            # ensure destination directory exists
            writefile("$imagedir/$digest.png", $config{destdir}, "") &&
@@ -142,34 +136,4 @@ sub create_tmp_dir ($) { #{{{
        return $tmpdir;
 } #}}}
 
-sub check ($) { #{{{
-       # Check if the code is ok
-       my $code = shift;
-
-       my @badthings = (
-               qr/\$\$/,
-               qr/\\include/,
-               qr/\\includegraphic/,
-               qr/\\usepackage/,
-               qr/\\newcommand/, 
-               qr/\\renewcommand/,
-               qr/\\def/,
-               qr/\\input/,
-               qr/\\open/,
-               qr/\\loop/,
-               qr/\\errorstopmode/,
-               qr/\\scrollmode/,
-               qr/\\batchmode/,
-               qr/\\read/,
-               qr/\\write/,
-       );
-       
-       foreach my $thing (@badthings) {
-               if ($code =~ m/$thing/ ) {
-                       return 0;
-               }
-       }
-       return 1;
-} #}}}
-
 1
index 72650f199bf04d2762c7a9ba2335f5a09baacb07..fdbcfd7f4113927aa4b0a434740250cb3dc791e5 100644 (file)
@@ -1,5 +1,7 @@
 ikiwiki (2.53.4) UNRELEASED; urgency=low
 
+  * teximg: Replace the insufficient blacklist with the built-in security
+    mechanisms of TeX.
   * img: Don't generate new verison of image if it is scaled to be
     larger in either dimension.