[tex-k] secure mode of dvips should be default

Tomas G. Rokicki rokicki@CS.Stanford.EDU
Fri, 1 Jun 2001 10:41:58 -0700 (PDT)

Thanks for the email on dvips security!

Can you explain why secure mode should be on by default?
In other words, how might I run TeX and/or dvips over
untrusted code?  Provide me with a convincing attack
scenario.  A time bomb in some macro source somewhere that
gets included into a distribution?

Certainly if someone embeds dvips into some sort of automatic,
MIME-driven viewer, yes, secure mode should be set on, but
for command-line use?