0

Not using --shell-escape sandboxes pdflatex to some degree. Still, it is perfectly possible for it to, for instance, open and read files, e.g. through \input or Tex primitives such as \read.

Is there a list of Tex primitives and LaTeX macros which, if blacklisted, will prevent pdflatex from reading or writing to files, and more generally will effectively sandbox it? I am especially interested in the case that the tikz or xymatrix packages are used.

Things like \def should presumably be blacklisted, as well as use of packages, and programming constructs like \if and \loop.

On a related note, even if one does not prevent file reading, if one blacklists ../, ~/, /etc/, /home/, and so on, is it possible to prevent pdflatex from leaving the working directory on a linux machine?

user181983
  • 1
  • Even in 'simple' cases, LaTeX reads the kernel and the class file, reads and writes auxiliary files (regular aux files and for bibliographies, glossaries, list of X, etc), produces an output pdf/dvi, reads graphics files, etc. Some of these may be more of a security issue than others, and some may limit usability more than others, but effectively sandboxing seems to be infeasible and undesired from a practical point of view. It is probably easier to protect the filesystem from within the filesystem, i.e., with suitable file permissions. – Marijn Feb 20 '19 at 15:13
  • The topic has been discussed from many angles see for example related on the right e.g. https://tex.stackexchange.com/questions/264172/how-can-i-prevent-latex-from-doing-something-bad-to-my-computer?rq=1and search the word security above. Bottom line is sandbox another sandbox e.g. per dalief "sort of forks the process, compiles in a child and adds a timer." from https://tex.stackexchange.com/questions/262625/security-latex-injection-hack?noredirect=1&lq=1 –  Feb 20 '19 at 15:17
  • Thanks, yes, found that link just after posting, it is exactly what I'm looking for security-wise. But perhaps the question can still be interesting if taken as-is? – user181983 Feb 22 '19 at 19:56

0 Answers0