views: 60
answers: 3
I have a plan to develop a publicly accessible interface that will allow users to push git repositories to a server and have the server compile the LaTeX sources in the repository and return the generated file(s). What I am wondering is what security issues I might need to be aware of.

The plan so far is:

  • Use a separate low privilege user account to compile the LaTeX.
  • As each project will be in its own repository, the compilation will occur in its own subdirectory, as recommended here.
A: 

I think security should be taken into account when compiling latex files as this post seems to indicate: http://johannes.sipsolutions.net/Projects/new-moinmoin-latex/security-considerations

gulbrandr
+1  A: 

Hello,

You are planning on taking user data, and running it through LaTeX in order to generate documents. This is potentially another facet of the security issue of using unescaped user data as executable code. This is an issue with anything built on top of Turing's architecture - data and instructions are interchangeable. Without this, our machines would be less powerful.

So, what would a user need to do in order to compromise your system? They would need to figure out a way to compromise LaTeX based on controlling the inputs. Then, they would need a way to escalate privileges from the LaTeX user to whatever user level they would need to accomplish their objectives.

What would the objectives of the attacker be? Why would I want to specifically target your system, as compared to much easier, lower hanging fruit? Are you planning on doing something else on your site, like processing credit card payments, hosting classified documents, or offending some sort of religious / ethnic / cultural minority? If I were you, I would take the precautions you mentioned (low level user account), and maybe spend 15 minutes thinking about if escaping user data in the context of LaTeX makes sense, and then go ahead with it. No one is going to spend the time and resources jacking with you, unless it is as a purely academic exercise. There are many things that would be a lot easier with a higher payoff.

Go for it. If you become successful, then you can re-engineer your system for all the needs you learned with the first build. If you're not successful, and you don't have any users, money or any other metric of success, then you will be happy you saved so much time on over-engineering a problem.

Butler Lampson said: "Plan to throw one away; you will anyhow. If there is anything new about the function of a system, the first implementation will have to be redone completely to achieve a satisfactory (that is, acceptably small, fast, and maintainable) result."

The only addition to this I would say is small, fast, maintainable and secure.

Brian J. Stinar

Brian Stinar
+1  A: 

You've got to take \write18 into consideration, as it can execute system scripts!

Mica
I don't know LaTeX well enough, but how would one guard against this? Would simply parsing through the input and disallowing anything containing this be sufficient, or could such a string be arbitrarily constructed using other LaTeX operations?
Brian Stinar