Neil wrote:
> We should also be really cautious about TeX doing insecure things. Is
> there a subset of TeX syntax we could parse and validate before we
> pass it to TeX?

There are two dangerous commands in TeX: the ability to write to
arbitrary files, and the ability to call shell scripts. Both are
disabled in all standard TeX distributions. Parsing and validating is
thus not necessary (and next to impossible without reimplementing a
good chunk of TeX). We have to start TeX in a temporary directory
which is cleaned out afterwards, and we have to guard against
run-away TeX processes which eat time and/or memory. The TeX process
needs to have its resources limited.

See also the discussion at
http://groups.google.com/groups?threadm=d55ab765.0111091929.1e4b9af4%40post…

Axel
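
The setup described in the reply above (a temporary directory that is cleaned out afterwards, plus limits on the TeX process's time and memory), as an added example that is not part of the original message. It assumes a POSIX host and TeX Live's `pdflatex`; the function name `run_tex`, the command-line flags, the environment settings and all limit values are assumptions chosen for illustration.

```python
import os
import pathlib
import resource
import signal
import subprocess
import tempfile

# Assumed TeX Live command line; the post names no engine or flags.
TEX_CMD = ["pdflatex", "-no-shell-escape", "-interaction=nonstopmode",
           "-halt-on-error", "input.tex"]

def _cap(kind, value):
    """Lower one rlimit without exceeding the inherited hard limit."""
    _, hard = resource.getrlimit(kind)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(kind, (value, value))

def run_tex(source, cmd=TEX_CMD, cpu_s=10, wall_s=30,
            mem_bytes=1 << 30, file_bytes=50 << 20):
    """Run cmd on untrusted TeX source in a throwaway directory."""
    def limits():  # runs in the child just before exec()
        _cap(resource.RLIMIT_CPU, cpu_s)         # runaway loops
        _cap(resource.RLIMIT_AS, mem_bytes)      # runaway memory
        _cap(resource.RLIMIT_FSIZE, file_bytes)  # oversized output files

    with tempfile.TemporaryDirectory(prefix="tex-") as workdir:
        pathlib.Path(workdir, "input.tex").write_text(source)
        # Minimal environment; openout_any=p is kpathsea's "paranoid"
        # write policy (already the TeX Live default, set explicitly here).
        env = {"PATH": os.environ.get("PATH", ""), "HOME": workdir,
               "openout_any": "p"}
        proc = subprocess.Popen(
            cmd, cwd=workdir, env=env, stdin=subprocess.DEVNULL,
            stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
            preexec_fn=limits, start_new_session=True)
        timed_out = False
        try:
            log, _ = proc.communicate(timeout=wall_s)
        except subprocess.TimeoutExpired:
            timed_out = True
            os.killpg(proc.pid, signal.SIGKILL)  # kill the whole group
            log, _ = proc.communicate()
        out = pathlib.Path(workdir, "input.pdf")
        pdf = out.read_bytes() if out.exists() else None
    # The directory and everything written into it is deleted by now.
    return {"returncode": proc.returncode, "timed_out": timed_out,
            "log": log, "pdf": pdf, "workdir": workdir}
```

The CPU limit stops a process that spins, while the wall-clock timeout catches one that merely blocks; a negative `returncode` means the child was killed by a signal.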