Benjamin_Loison/overleaf
1
0
Code Issues 34 Packages Projects Wiki

How to safely compile arbitrary LaTeX code? #30

New Issue
Open
opened 2024-07-24 16:02:44 +02:00 by Benjamin_Loison · 5 comments
Benjamin_Loison commented 2024-07-24 16:02:44 +02:00
Owner
Copy Link

I have in mind https://www.overleaf.com/project/624bebbd68fefad2562d8b93.

Should ask a search engine the question as is.

Otherwise concerning arbitrary shell command execution I found the Stack Overflow question 3252957.

https://www.texdev.net/2009/10/06/what-does-write18-mean/

If I remember correctly for working with SVGs or/and PDFs Inkscape is involved and requires modifying Kile compilation parameters. Maybe svg-inkscape folders are related.

Maybe Settings > Configure Kile... > Tools > Build > Select a tool > PDFLaTeX > Choose a configuration for the tool PDFLaTeX > General > Options: --shell-escape.

To leverage #12.

I have in mind https://www.overleaf.com/project/624bebbd68fefad2562d8b93. Should ask a search engine the question as is. Otherwise concerning arbitrary shell command execution I found [the Stack Overflow question 3252957](https://stackoverflow.com/q/3252957). https://www.texdev.net/2009/10/06/what-does-write18-mean/ If I remember correctly for working with SVGs or/and PDFs Inkscape is involved and requires modifying Kile compilation parameters. Maybe `svg-inkscape` folders are related. Maybe *Settings* > *Configure Kile...* > *Tools* > *Build* > *Select a tool* > *PDFLaTeX* > *Choose a configuration for the tool PDFLaTeX* > *General* > *Options*: *--shell-escape*. To leverage #12.
Benjamin_Loison commented 2024-07-24 16:06:11 +02:00
Author
Owner
Copy Link

Related to Improve_websites_thanks_to_open_source/issues/713.

Related to [Improve_websites_thanks_to_open_source/issues/713](https://codeberg.org/Benjamin_Loison/Improve_websites_thanks_to_open_source/issues/713).
Benjamin_Loison commented 2024-07-24 22:30:56 +02:00
Author
Owner
Copy Link
\immediate\write18{pwd > pwd_output.txt}
\immediate\write18{/usr/bin/pwd > pwd_output.txt}

Source: the Stack Overflow answer 3253068

create a file next to the \LaTeX file.

Just printing the result of the command to the document is also interesting, see the Stack Overflow answer 3254927.

\input{|"date"}

makes quite clear what compilation the output is coming from.

If I remove Kile above compilation parameter I get File |date.tex' not found. \input{|"date"}` error that I was not having and no PDF is generated.

So the question is what correct usage do I have of this command and how can I only allow such usage?

Also have to pay attention with more external modifications with Overleaf usage, that I do not compile for instance when just opening Kile and it compiles automatically a potentially malicious change.

```bash \immediate\write18{pwd > pwd_output.txt} \immediate\write18{/usr/bin/pwd > pwd_output.txt} ``` Source: [the Stack Overflow answer 3253068](https://stackoverflow.com/a/3253068) create a file next to the $\LaTeX$ file. Just printing the result of the command to the document is also interesting, see [the Stack Overflow answer 3254927](https://stackoverflow.com/a/3254927). ```bash \input{|"date"} ``` makes quite clear what compilation the output is coming from. If I remove Kile above compilation parameter I get `File `|date.tex' not found. \input{|"date"}` error that I was not having and no PDF is generated. So the question is what correct usage do I have of this command and how can I only allow such usage? Also have to pay attention with more external modifications with Overleaf usage, that I do not compile for instance when just opening Kile and it compiles automatically a potentially malicious change.
Benjamin_Loison commented 2024-07-24 23:04:34 +02:00
Author
Owner
Copy Link

What about pdflatex command? Knowing this may help #31.

What about `pdflatex` command? Knowing this may help #31.
Benjamin_Loison commented 2024-07-25 14:59:37 +02:00
Author
Owner
Copy Link

Related to Benjamin-Loison/latex2e/issues/10.

Related to [Benjamin-Loison/latex2e/issues/10](https://github.com/Benjamin-Loison/latex2e/issues/10).
Benjamin_Loison commented 2024-07-28 04:25:49 +02:00
Author
Owner
Copy Link

Related to overleaf/wiki/Server-Pro:-Sandboxed-Compiles/156e2d963dcba80b7047491eb58993b84479e725, #20 and #10.

Related to [overleaf/wiki/Server-Pro:-Sandboxed-Compiles/156e2d963dcba80b7047491eb58993b84479e725](https://github.com/overleaf/overleaf/wiki/Server-Pro:-Sandboxed-Compiles/156e2d963dcba80b7047491eb58993b84479e725), #20 and #10.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Benjamin_Loison/overleaf#30
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?