Sicherheit von TeX-Dateien
Ausgehend von einem MikTeX Bug hat Chr. Schenk auf einen Vortrag hingewiesen, in dem einige Sicherheitlücken von TeX-Dateien gezeigt werden:
http://www.usenix.org/event/leet10/tech/techAbstracts.html#Checkoway.
We show that malicious TEX, BIBTEX, and METAPOST files can lead to arbitrary code execution, viral infection, denial of service, and data exfiltration, through the file I/O capabilities exposed by TEX’s Turing-complete macro language. This calls into doubt the conventional wisdom view that text-only data formats that do not access the network are likely safe. We build a TEX virus that spreads between documents on the MiKTEX distribution onWindows XP; we demonstrate data exfiltration attacks on web-based LATEX previewer services.
Nachtrag: Hier ist der Link zum entsprechenden Paper: http://cseweb.ucsd.edu/~hovav/dist/texhack.pdf.