Hacker News new | past | comments | ask | show | jobs | submit login

It's 2016 and someone only now realised LaTeX documents can execute arbitrary code?



There are a number of articles about that, for example in the TeX User's Group's magazine and on the TeX StackExchange. And the developers have been aware of, and taken steps about it, many years ago.

For example, TeX Live ships with write18 disabled.


I'm using MikTeX, and it has also write18 disabled. I thought it was the default configuration for most distributions.


At this point there are really only the two distributions, TeX Live (the basis for the distribution for many other platforms, including the Mac) and MikTeX on Windows.


I don't usually link to xkcd cartoons, but this seems like a perfect case. Every day I have new students learning Latex, sharing documents with each other. No guide to latex ever says "hey, don't trust documents people send you, they can p0wn you"

    https://xkcd.com/1053/




Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: