We implemented an online service where it is possible to generate a PDF with a predefined structure. The user can choose a LaTeX template and then compile it with appropriate inputs.
The question we worry about is security: that a malicious user is not able to gain shell access through the injection of special instructions into the LaTeX document.
We need some workaround for this, or at least a list of special characters that we should strip from the input data.
Preferred language would be PHP, but any suggestions, constructions and links are very welcome.
PS. In a few words, we're looking for mysql_real_escape_string for LaTeX.
The only possibility (AFAIK) to perform harmful operations using LaTeX is to enable the possibility to call external commands using \write18. This only works if you run LaTeX with the --shell-escape or --enable-write18 argument (depending on your distribution). So as long as you do not run it with one of these arguments, you should be safe without the need to filter out any parts.
Besides that, one is still able to write other files using the \newwrite, \openout and \write commands. Having the user create and (over)write files might be unwanted? So you could filter out occurrences of these commands. But keeping blacklists of certain commands is prone to fail, since someone with a bad intention can easily hide the actual command by obfuscating the input document.
Edit: Running the LaTeX command using a limited account (i.e. no writing to non latex/project related directories) in combination with disabling \write18 might be easier and more secure than keeping a blacklist of ‘dangerous’ commands.
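
The setup discussed above, sketched in PHP 8 as an added example (not code from the question or the answer): user values are escaped as plain text before they reach the template, and the compiler is started with shell escape explicitly off. It assumes TeX Live's pdflatex, a worker that already runs under a low-privilege account, and a hypothetical `@@field@@` placeholder syntax; the function and file names are also assumptions.

```php
<?php
// Added example; the @@field@@ placeholder syntax and file names are assumptions.

/** Escape the ten LaTeX special characters so a value is typeset as plain text. */
function latex_escape(string $text): string
{
    // Remove control characters other than tab and newline.
    $text = preg_replace('/[\x00-\x08\x0B-\x1F\x7F]/', '', $text);
    // strtr() with an array replaces in a single pass, so the backslashes and
    // braces it inserts are never escaped a second time.
    return strtr($text, [
        '\\' => '\\textbackslash{}',
        '{'  => '\\{',
        '}'  => '\\}',
        '$'  => '\\$',
        '&'  => '\\&',
        '#'  => '\\#',
        '%'  => '\\%',
        '_'  => '\\_',
        '^'  => '\\textasciicircum{}',
        '~'  => '\\textasciitilde{}',
    ]);
}

/** Fill the template and compile it with shell escape explicitly disabled. */
function compile_pdf(string $templatePath, array $fields, string $workDir): bool
{
    $map = [];
    foreach ($fields as $name => $value) {
        $map['@@' . $name . '@@'] = latex_escape((string) $value);
    }
    $tex = strtr(file_get_contents($templatePath), $map);
    file_put_contents($workDir . '/doc.tex', $tex);

    // Array form (PHP 7.4+) bypasses the shell, so no argument quoting is involved.
    $cmd = ['pdflatex', '-no-shell-escape', '-interaction=nonstopmode',
            '-halt-on-error', 'doc.tex'];
    // openout_any=p (kpathsea setting) refuses \openout to absolute or parent paths.
    $env = ['PATH' => getenv('PATH'), 'openout_any' => 'p'];
    $log = ['file', $workDir . '/compile.log', 'w'];
    $proc = proc_open($cmd, [1 => $log, 2 => $log], $pipes, $workDir, $env);
    return is_resource($proc) && proc_close($proc) === 0;
}

// Constructed sample input: the command arrives as inert text, not as a macro.
echo latex_escape('50% of $x_1 \write18{id}'), PHP_EOL;
```

Escaping only covers values substituted into a template the service controls; if users can submit whole LaTeX sources, the compiler flags and the limited account are what contain them.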