[tex-k] xdvi 22.40i status

Paul Vojta vojta@Math.Berkeley.EDU
Thu, 11 Apr 2002 13:08:48 -0700 (PDT)

> From ulrich@www.elexir.de Wed Apr 10 10:25:06 2002
> From: Stefan Ulrich <stefan.ulrich@elexir.de>
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Date: Wed, 10 Apr 2002 19:26:08 +0200
> To: "M. Shell" <mshell@ece.gatech.edu>
> Cc: tex-k@tug.org
> Subject: Re: [tex-k] xdvi 22.40i status
> [ Executive summary for Paul:
>   The problem is with ghostscript 7.04 forbidding access to paths
>   containing ../, and ghostscript 7.20 forbidding read access to
>   *all* files in -dSAFER mode, unless the file name comes from
>   the command line. This will break all xdvi .eps display code,
>   unless users turn off -dSAFER.
> ]


Probably the best way around the problem would be for xdvi to send all
files over the pipe, instead of sending "(filename) run".
I'll try it out to see if there's a serious performance hit.

Since xdvi allows you to do \special{"<arbitrary PostScript code>},
the proposed solution of having xdvi only run files in safe mode is not
secure enough (but it may be at least as secure as what we have now).

The idea of doing a save and then turning on -dSAFER would not be sufficient,
because rogue code may access the save object.

Gs doesn't need to keep -dSAFER around just because xdvi calls it with
that command line argument.  -dANYTHING just defines a variable, and if
nothing accesses that variable, then there's no harm.