MediaWiki allows one to embed TeX math code that is rendered into images and posted into the Wiki pages. Is this safe? If one allows untrusted users to input TeX programs to be executed by an interpreter running in a web server, does it open the server up to being hacked by using the TeX interpreter to read files from the server's disks? Is there a way to execute untrusted TeX code safely?

A: 

In theory, yes.
It depends on your TeX interpreter. If a security breach is found in the interpreter you're using, and that security breach means that a user can execute arbitrary code, then you have a problem.

shoosh
+4  A: 

Obviously TeX is able to open and write files through normal operation, which is a possible attack vector. Putting the execution into a sandbox or jail should take care of that.

Be sure to disable \write18, which allows a TeX source file to execute OS commands. There's no good reason to allow that mechanism.

As for the TeX interpreter itself, I'd say there is very little to worry about as it likely has the least significant bug count of any full-featured interpreter ever written. Some other part of your stack will be a far bigger target.

Jon Ericson
Reasons to allow \write18 do exist--for trusted documents, of course. dot2tex, for example.
Roman Odaisky
+2  A: 

If your TeX distribution uses the Kpathsea library (it probably does), see the Security section in its documentation.

Jouni K. Seppänen
An excellent suggestion. From the sound of it, TeX wouldn't need that many files to perform the task suggested by the questioner, but other uses might open up quite a bit of the host system.
Jon Ericson
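
The `\write18` and Kpathsea advice in the answers above comes down to three `texmf.cnf` settings: `shell_escape`, `openout_any` and `openin_any`. The following is an added example, not part of the original thread or of any TeX distribution: a small auditor that reports every definition weaker than a strict policy for untrusted input. The policy in `REQUIRED`, the function name and the sample file are assumptions made for the example.

```python
import re

# Strict values assumed here for rendering untrusted TeX:
#   shell_escape = f  -> \write18 disabled entirely
#   openout_any  = p  -> "paranoid": no dotfiles, absolute paths or ../ on writes
#   openin_any   = p  -> the same restriction on reads (\input, \openin)
REQUIRED = {"shell_escape": "f", "openout_any": "p", "openin_any": "p"}

# texmf.cnf definition: variable[.progname] [=] value  (the '=' is optional)
LINE = re.compile(r"^([^\s=.]+)(?:\.([^\s=]+))?(?:\s*=\s*|\s+)(\S.*)$")


def audit_texmf_cnf(text):
    """Return (lineno, setting, value) for each weak definition in one file's text.

    Settings with no unqualified definition are reported as (0, name, None),
    because the fallback value may be weaker than REQUIRED. Every definition
    is checked, so the result does not depend on which duplicate wins.
    """
    findings, seen = [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        # '%' starts a comment at line start or after whitespace
        line = re.sub(r"(^|\s)%.*$", "", raw).strip()
        m = LINE.match(line)
        if not m or m.group(1) not in REQUIRED:
            continue
        name, prog, value = m.groups()
        if prog is None:
            seen.add(name)  # only an unqualified entry covers every program
        # this check compares the first character of the value only
        if value.strip()[:1].lower() != REQUIRED[name]:
            label = name + ("." + prog if prog else "")
            findings.append((lineno, label, value.strip()))
    for name in sorted(set(REQUIRED) - seen):
        findings.append((0, name, None))
    return findings


# Constructed sample, not a real distribution's texmf.cnf
SAMPLE_CNF = """\
% sample configuration
shell_escape = p
shell_escape_commands = bibtex,kpsewhich
openout_any = p
openin_any a   % any file may be read
shell_escape.pdflatex = t
"""

if __name__ == "__main__":
    for finding in audit_texmf_cnf(SAMPLE_CNF):
        print(finding)
```

Kpathsea can read more than one `texmf.cnf`, so each file on the configuration search path needs the same check; the sandbox or jail suggested above is still needed as a second layer.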