Security in xdvik, was: Re: [tex-k] secure mode of dvips should be default

Stefan Ulrich
Sat, 2 Jun 2001 19:34:01 +0200

Sebastian Rahtz <> writes:

> I just need to compile it all and test... (I am doing this because I
> am also integrating the latest T1-aware xdvik into TeXLive. Does the
> same problem occur in xdvi?)

You mean, with shell escapes being enabled by default?
This is not the case with xdvi(k); they are disabled by
default (`-allowshell' enables them). I've just checked it:
the description in the man page reflects the actual
implementation ;-)

The source special feature has no known security issues
either (no shell commands are used to invoke the editor,
but explicit forks).

Best regards
Stefan Ulrich