TeX has configuration options that prevent unsafe things like shell
escapes and insecure file reads/writes. Turn all of them on.
teximg's regex-based blacklist does not suffice. For instance:
[[!teximg code="""
\catcode`\%=0
%input{/etc/passwd}
"""]]
Remove the blacklist, since the TeX configuration options seal off the
underlying mechanisms more safely, and the blacklist blocks other TeX
commands that can prove useful.
(cherry picked from commit
9f75d3b1f3c43820cff9ce554601f64c60d72b14)
Conflicts:
IkiWiki/Plugin/teximg.pm
debian/changelog
if (! defined $code && ! length $code) {
return "[[teximg ".gettext("missing tex code"). "]]";
}
if (! defined $code && ! length $code) {
return "[[teximg ".gettext("missing tex code"). "]]";
}
-
- if (check($code)) {
- return create($code, check_height($height), \%params);
- }
- else {
- return "[[teximg ".gettext("code includes disallowed latex commands"). "]]";
- }
+ return create($code, check_height($height), \%params);
} #}}}
sub check_height ($) { #{{{
} #}}}
sub check_height ($) { #{{{
my $tmp = eval { create_tmp_dir($digest) };
if (! $@ &&
writefile("$digest.tex", $tmp, $tex) &&
my $tmp = eval { create_tmp_dir($digest) };
if (! $@ &&
writefile("$digest.tex", $tmp, $tex) &&
- system("cd $tmp; latex --interaction=nonstopmode $tmp/$digest.tex > /dev/null") == 0 &&
+ system("cd $tmp; shell_escape=f openout_any=p openin_any=p latex --interaction=nonstopmode $digest.tex < /dev/null > /dev/null") == 0 &&
system("dvips -E $tmp/$digest.dvi -o $tmp/$digest.ps 2> $tmp/$digest.log") == 0 &&
# ensure destination directory exists
writefile("$imagedir/$digest.png", $config{destdir}, "") &&
system("dvips -E $tmp/$digest.dvi -o $tmp/$digest.ps 2> $tmp/$digest.log") == 0 &&
# ensure destination directory exists
writefile("$imagedir/$digest.png", $config{destdir}, "") &&
-sub check ($) { #{{{
- # Check if the code is ok
- my $code = shift;
-
- my @badthings = (
- qr/\$\$/,
- qr/\\include/,
- qr/\\includegraphic/,
- qr/\\usepackage/,
- qr/\\newcommand/,
- qr/\\renewcommand/,
- qr/\\def/,
- qr/\\input/,
- qr/\\open/,
- qr/\\loop/,
- qr/\\errorstopmode/,
- qr/\\scrollmode/,
- qr/\\batchmode/,
- qr/\\read/,
- qr/\\write/,
- );
-
- foreach my $thing (@badthings) {
- if ($code =~ m/$thing/ ) {
- return 0;
- }
- }
- return 1;
-} #}}}
-
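Review bot: Dropping the blacklist also removes the only guard against runaway TeX (`\loop` and `\def` were on the removed list), and the new latex invocation in the create() hunk sets shell_escape/openin_any/openout_any but no CPU or wall-clock limit, so a non-terminating macro such as `\def\a{\a}\a` keeps a latex process busy indefinitely; since the call already goes through sh, `system("cd $tmp; ulimit -t 60; shell_escape=f openout_any=p openin_any=p latex --interaction=nonstopmode $digest.tex < /dev/null > /dev/null") == 0 &&` is a cheap mitigation. The TeX variables do not constrain dvips, which still runs without `-R` on the following line; `\special` content passes through TeX untouched, so adding `-R` (secure mode) to the dvips call — and confirming that whatever converts the resulting .ps downstream runs with its own restrictions — presumably closes that path. As a matter of style, `local $ENV{openin_any} = 'p'` (and friends) plus `chdir` and list-form `system` would avoid interpolating `$tmp`/`$digest` into a shell string, should either ever become attacker-influenced. The enclosing create() starts and ends outside the hunk.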
ikiwiki (2.53.4) UNRELEASED; urgency=low
ikiwiki (2.53.4) UNRELEASED; urgency=low
+ * teximg: Replace the insufficient blacklist with the built-in security
+ mechanisms of TeX.
* img: Don't generate new verison of image if it is scaled to be
larger in either dimension.
* img: Don't generate new verison of image if it is scaled to be
larger in either dimension.