1

For certain packages to work properly, it seems to be necessary to enable the option --shell-escape, for example with pdflatex and auto-pst-pdf. I am informed that it enables external programs to interact with the engine, in the case of auto-pst-pdf a perl-script, and that this possibility is otherwise not enabled per default.

My question is: What are the dangers or known negative effects of setting this option as a standard?

(Two related questions could be: What is the exact reason this is set per default? Wouldn´t it be desirable to enable pdflatex to interact with external programs per default?)

The reason I am asking this is that I have know set --shell-escape as the standard in my editor. It is necessary for me to do this for certain documents, and I don`t want to bother thinking about it with every new document.

Kubo
  • 368
  • It would be helpfull to edit your question and add the urls of related using https://tex.meta.stackexchange.com/questions/2456/automatic-questions-title-insertion-with-link – koleygr Aug 27 '17 at 01:58
  • It is a security risk. It means that when you compile a document, *any* external programme can be run for *any* purpose. So, it could delete all your documents (not system files unless you are really stupid and do it as admin/root). Or it could connect to the internet and download a pizza. Anything you could do as the user running the compilation, code in your document or any code you load (packages, classes etc.) could do. – cfr Aug 27 '17 at 02:01
  • Possible answer is here too (Same things as @cfr saying) https://tex.stackexchange.com/questions/88740/what-does-shell-escape-do ->So... possible duplicate as far as the answer of that question answers to you too – koleygr Aug 27 '17 at 02:04
  • Yes it is. Shit. I´ll close it. – Kubo Aug 27 '17 at 02:13
  • https://tex.stackexchange.com/questions/4589/what-analysis-of-texlives-restricted-permissions-model-exists, https://tex.stackexchange.com/questions/202653/destructive-code-by-style-file, https://tex.stackexchange.com/questions/279044/tex-live-package-security, https://tex.stackexchange.com/questions/134656/full-version-of-tex-live-malware-checked etc. – cfr Aug 27 '17 at 02:14

0 Answers0