[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [AUCTeX] Preview of math / new ghostscript

From: David Kastrup
Subject: Re: [AUCTeX] Preview of math / new ghostscript
Date: Wed, 08 Nov 2017 11:43:03 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)

Ralf Angeli <address@hidden> writes:

> On 2017-10-22 19:55, David Kastrup wrote:
>> More of a problem of how Ghostscript works.  It has a safer mode, and
>> for interactive mode, it must be possible to enter and exit it in
>> some manner.  Ghostscript changes the details every few releases.  I
>> think that the last few changes had been tracked and fixed by Ralf.
> That might be, but I doubt my fixes had much to do with the internals
> of Ghostscript.  So I'm sorry to say that I won't be of much help
> here.

I committed a fix to master.  It turned out after quite a bit of back
and forth that the details I remembered were stale: preview-latex had
already previously been engineered to not requiring coming back from
SAFER mode once entered.

So .runandhide was no longer used in a security-relevant manner and
could be replaced by code that did the hiding "in plain sight", namely a
variable.  That's ugly but not an exploit as it would have been in the
case I remembered: as opposed to how it was in olden times, the hidden
expression cannot be used for jail breaking.

So it turns out I engaged my less than convincing shark teethed charm
more than called for (for the purposes of AUCTeX at least) this time.

David Kastrup

reply via email to

[Prev in Thread] Current Thread [Next in Thread]