[tex-k] BiDi Trojan Source Code

Karl Berry karl at freefriends.org
Tue Nov 2 22:12:50 CET 2021

    I think it might be worth prohibiting writing to dot files 

This has been the case (by default) for decades.

    and/or the home directory as a matter of safety.

It's not possible, per se. People routinely create and run .tex files in
their home dir.

What we did instead is to (by default) prohibit writing to any parent
directory, or to any absolute path that is not under $TEXMFOUTPUT.

It's the openout_any setting in texmf.cnf that controls this. -k

More information about the tex-k mailing list.