Can TeX code from untrusted sources be executed safely?

Time: 2022-03-26 17:50:09

MediaWiki allows one to embed TeX math code that is rendered into images and posted into the Wiki pages. Is this safe? If one allows untrusted users to input TeX programs to be executed by an interpreter running in a web server, does it open the server up to being hacked by using the TeX interpreter to read files from the server's disks? Is there a way to execute untrusted TeX code safely?

3 solutions

#1


Obviously TeX is able to open and write files through normal operation, which is a possible attack vector. Putting the execution into a sandbox or jail should take care of that.

Be sure to disable \write18, which allows a TeX source file to execute OS commands. There's no good reason to allow that mechanism.

As for the TeX interpreter itself, I'd say there is very little to worry about as it likely has the least significant bug count of any full-featured interpreter ever written. Some other part of your stack will be a far bigger target.

#2


If your TeX distribution uses the Kpathsea library (it probably does), see the Security section in its documentation.

#3


In theory, yes.
It depends on your TeX interpreter. If a security breach is found in the interpreter you're using and that security breach means that a user can execute arbitrary code then you have a problem.
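
The measures named in the answers above (shell escape off, Kpathsea's file-access checks, a throwaway working directory) can be combined in one wrapper; this is an added example, not code from any of the posters or from MediaWiki. It assumes a web2c-based TeX whose binary is called `pdflatex` and lives under `/usr/bin`; the function names and limit values are hypothetical, and an OS-level sandbox or jail is still expected around it.

```python
import os
import resource
import subprocess
import tempfile

TEX_BIN = "pdflatex"  # assumption: web2c-based TeX (accepts -no-shell-escape)

def build_invocation(workdir, jobname="snippet"):
    """Return (argv, env) for compiling <jobname>.tex inside workdir."""
    argv = [
        TEX_BIN,
        "-no-shell-escape",        # \write18 cannot run OS commands
        "-interaction=batchmode",  # never stop and wait for terminal input
        "-halt-on-error",
        jobname + ".tex",
    ]
    # Fresh environment: nothing from the web server's environment is inherited.
    env = {
        "PATH": "/usr/bin:/bin",   # assumption: adjust to the TeX install path
        "HOME": workdir,
        "TEXMFOUTPUT": workdir,
        "openin_any": "p",         # Kpathsea paranoid mode for \input / \openin
        "openout_any": "p",        # Kpathsea paranoid mode for \openout
        "shell_escape": "f",       # same setting as the flag, via Kpathsea variable
    }
    return argv, env

def _limits():
    # Runs in the child before exec: cap CPU seconds, file size and memory.
    resource.setrlimit(resource.RLIMIT_CPU, (10, 10))
    resource.setrlimit(resource.RLIMIT_FSIZE, (16 << 20, 16 << 20))
    resource.setrlimit(resource.RLIMIT_AS, (1 << 30, 1 << 30))

def render(tex_source, timeout=20):
    """Compile untrusted TeX in a throwaway directory; return PDF bytes or None."""
    with tempfile.TemporaryDirectory(prefix="texjail-") as workdir:
        with open(os.path.join(workdir, "snippet.tex"), "w", encoding="utf-8") as f:
            f.write(tex_source)
        argv, env = build_invocation(workdir)
        try:
            proc = subprocess.run(argv, cwd=workdir, env=env, preexec_fn=_limits,
                                  stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL,
                                  stderr=subprocess.DEVNULL, timeout=timeout)
        except (subprocess.TimeoutExpired, OSError):
            return None  # runaway loop (\loop\iftrue\repeat) or TeX not installed
        pdf = os.path.join(workdir, "snippet.pdf")
        if proc.returncode != 0 or not os.path.exists(pdf):
            return None
        with open(pdf, "rb") as f:
            return f.read()
```

Paranoid mode rejects parent-directory references and absolute paths outside `$TEXMFOUTPUT` in file names the document supplies; it does not stop reads of files inside the TeX trees, which is why the working directory holds nothing but the submitted source.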
