Timothy Madden
2011-09-23 12:35:56 UTC
Hello
I do not know if the devel list would be more appropriate for this
question, but here it is.
Could a safe (restricted) version of the aspell command be created, so
aspell can be allowed to run from LaTeX documents at processing time ?
The shell commands that TeX can run with \write 18 {cmd ...} are
restricted by default to a very limited set of TeX tools (bibtex,
kpsewhich, makeindex, repstopdf), because .tex files are much used as
a document interchange format for scientific and research papers, and it
would be a security problem if such files could simply start executing
any shell commands on the user's computer.
Could a restricted version of aspell be created, known to be safe to
run on the command line without harming the computer no matter what the
given command line is ?
Such a restricted version would have to:
- not allow further shell commands from the user or from the command line
- never change any settings (aspell or not), or other files
- need no input/output redirection operators (>, >>, <, <<) in order to
create an additional dictionary or to check a file (that is, it should
be possible to get the file names from the command line and otherwise
run non-interactively). Standard input/output could still be used if so
specified on the command line
- follow the TeX kpathsea openout_any restrictions, that is: only write
to an output file that is below, or in, the current directory in the
file system directory hierarchy. An attempt to go up that directory by
writing a path with ../ as path components should not be allowed. As an
additional security, the current directory may not be a root directory.
- a similar restriction may be needed on input files, since TeX has an
option for it, but currently the option is not enabled by default
- should be quite configurable on the command line, that is an
additional dictionary or settings file can be added on the command line,
and the user default ones can also be excluded if needed, but no such
input files can make the restricted aspell command write to output files
outside the current directory hierarchy.
- should allow an input file with a list of excluded words, or should
allow creation and usage of a local dictionary for this purpose, since
most LaTeX documents are technical papers, with lots of uncommon words
or abbreviations.
- should be able to run non-interactively, that is it should be
possible to only check a file, and not to also correct it.
Such a version of aspell could then safely be allowed to run from the
TeX \write 18 {cmd ...} primitive, and a LaTeX package for aspell could
be created, that would allow authors to rest assured that the documents
they work hard on are automatically checked for spelling at processing time.
Such a package could automatically add/remove tex commands for checking
by aspell, could allow users to add their own commands, and could handle
the list of special terms or excluded words. Of course, very large
documents like actual books should not be checked for spelling on
/every/ run, so the package would need to also be enabled, (not only
included) with some optional "enable" keyword given with the \usepackage
command in TeX.
I think both products could benefit from such a "safe" version of aspell.
Thank you,
Timothy Madden
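
The output-file rule from the list above (relative names only, no ../ component, current directory not a root directory), written out as an added example; it is not part of the original post and is not aspell or kpathsea code. The function name and sample file names are hypothetical, and the symlink resolution step is an assumption that goes beyond what the post asks for.

```python
import os
import tempfile

def output_path_allowed(path, cwd=None):
    """Hypothetical helper: may `path` be opened for writing from `cwd`?"""
    cwd = os.path.realpath(cwd or os.getcwd())
    # The current directory may not be a root directory.
    if os.path.dirname(cwd) == cwd:
        return False
    if not path or "\0" in path:
        return False
    # Absolute names point outside the current directory tree.
    if os.path.isabs(path):
        return False
    # No ".." component at all, even one that would cancel out lexically.
    # Backslashes are treated as separators too, which is stricter on POSIX.
    if ".." in path.replace("\\", "/").split("/"):
        return False
    # Assumption beyond the post: resolve symlinks, so a link inside cwd
    # that points elsewhere cannot be used to write outside the tree.
    target = os.path.realpath(os.path.join(cwd, path))
    return os.path.commonpath([cwd, target]) == cwd

def demo():
    """Run the check over constructed sample names in a scratch directory."""
    base = tempfile.mkdtemp()
    work = os.path.join(base, "paper")
    outside = os.path.join(base, "outside")
    os.mkdir(work)
    os.mkdir(outside)
    os.symlink(outside, os.path.join(work, "link"))  # constructed escape route
    samples = ["paper.pws", "build/paper.pws", "../paper.pws",
               "build/../paper.pws", os.path.join(outside, "x.pws"),
               "link/x.pws"]
    return {name: output_path_allowed(name, work) for name in samples}

if __name__ == "__main__":
    for name, ok in demo().items():
        print(("allow " if ok else "deny  ") + name)
```

A purely lexical check would accept `link/x.pws`; resolving the path before comparing it with the current directory is what rejects it.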