From: Norbert Preining
Newsgroups: gmane.linux.debian.devel.tetex,gmane.comp.tex.context
Subject: Two problems with current ruby scripts
Date: Wed, 25 Oct 2006 10:19:06 +0200
Message-ID: <20061025081906.GA13463@gamma.logic.tuwien.ac.at>
To: ntg-context@ntg.nl, debian-tex-maint@lists.debian.org
Cc: Mike Bird

Dear all!

The packages of ConTeXt I am currently preparing are tested by a user
and he sent back the following questions/comments. Could you please
comment on this.

For the background: I install all the stubs from
scripts/context/stubs/unix into /usr/bin, add a texmfstart stub that
calls ruby with the right path to texmfstart.rb.

----- Forwarded message from Mike Bird -----

> From: Mike Bird
> Subject: New texexec very confused
> To: debian-tex-maint@lists.debian.org
> Date: Tue, 24 Oct 2006 20:52:30 -0700
>
> The new ruby texexec is very confused. The problem of output
> defaulting to pdf instead of dvi has already been noted. Here
> are some additional problems:
>
> Command: texexec --output=dvips foo
> Should produce: foo.dvi
> Actually produces: foo.pdf
>
> Command: texexec --dvi foo
> Should produce: foo.dvi
> Actually produces: foo.dvi AND OVERWRITES foo.ps
>
> --Mike Bird

----- End forwarded message -----

----- Forwarded message from Mike Bird -----

> From: Mike Bird
> Subject: Is texmfstart secure?
> To: debian-tex-maint@lists.debian.org
> Date: Tue, 24 Oct 2006 21:08:53 -0700
>
> Package: context 2006.08.08-0.4
>
> If anyone who knows Ruby has time, can you tell if texmfstart is
> secure? I was really surprised to see client-server code. Even
> localhost services can lead to privilege escalation if not careful.
> For example, /usr/share/texmf/scripts/context/ruby/texmfstart.rb
> contains the following. I'm not a Ruby programmer but the comment
> leads me to think there is a potential problem here:
>
>     # danger lurking
>     buffer = ' ' * 260
>     length = filemethod.call(filename,buffer,buffer.size)
>     if length>0 then
>         return buffer.slice(0..length-1)
>
> It looks like PRAGMA is trying to reinvent kpsewhich, integrate internet
> explorer, launch editors, and do a whole bunch of other stuff I haven't
> figured out. texexec should be a simple wrapper around tex or pdftex
> but it works via texmfstart.rb which is 2541 lines of Ruby - and that's
> a lot of Ruby. It may all be wonderful (I am not a Ruby programmer) but
> it makes me nervous.
>
> Is an older/simpler texexec still available?
>
> --Mike Bird

----- End forwarded message -----

Best wishes

Norbert

-------------------------------------------------------------------------------
Dr. Norbert Preining                                    Università di Siena
Debian Developer                                          Debian TeX Group
gpg DSA: 0x09C5B094      fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
TABLEY SUPERIOR (n.)
The look directed at you in a theatre bar in the interval by people
who've already got their drinks.
                        --- Douglas Adams, The Meaning of Liff