# Introduction #

Eventually it may be possible to let LaTeX gurus submit LaTeX source files, have them compiled on the server, and get the PDF back. This is dangerous, since a malicious user could read and write server files.

Security considerations: http://www.tug.org/TUGboat/tb31-2/tb98doob.pdf

# LaTeX Configuration #

From [TeX Stack Exchange](http://tex.stackexchange.com/a/10453/2148), the most important options in `texmf.cnf` to restrict TeX behaviour include:

```
% p: only the commands listed in shell_escape_commands may be run via \write18.
shell_escape = p
shell_escape_commands = \
bibtex,bibtex8,dvips,epstopdf,epspdf,etex,fc-match,\
imgconvert,\
kpsewhich,makeindex,mkgrkindex,\
pdfluatex,ps2pdf,ps4pdf,pstopdf,pygmentize,\
rpdfcrop,texindy,xindy,ulqda\

% Program-specific entry: applies only to the program named tex.
shell_escape.tex = f
% f disables \write18 entirely. Earlier definitions override later ones in
% texmf.cnf, so this line has no effect while shell_escape = p above is kept.
shell_escape = f

% a (any)        : any file can be opened.
% r (restricted) : disallow opening "dotfiles".
% p (paranoid)   : as 'r' and disallow going to parent directories, and
%                  restrict absolute paths to be under $TEXMFOUTPUT.
openout_any = r
openin_any = p

% Allow TeX and MF to parse the first line of an input file for
% the %&format construct.
parse_first_line = t

% These values are ignored if the script names are changed; e.g., if you
% set DVIPSMAKEPK to `foo', what counts is the value of the environment
% variable/config value `FOO', not the `MKTEXPK' value.
%
% MKTEXTEX = 0
% MKTEXPK = 0
% MKTEXMF = 0
% MKTEXTFM = 0
% MKTEXFMT = 0
% MKOCP = 0
% MKOFM = 0
```

The `MKTEX*` values determine whether files are generated when needed, which can prolong compilation.
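
Editing `texmf.cnf` does not guarantee the values take effect, because another `texmf.cnf` earlier in the search path or an earlier line in the same file can win. The script below is an added example, not part of the original page or the Stack Exchange answer: it asks kpathsea for the value each engine actually resolves, using `kpsewhich -progname=... -var-value=...`. The accepted values mirror the settings listed above; the function names and the default engine list are assumptions.

```shell
#!/bin/sh
# Added example: audit the texmf.cnf values kpathsea actually resolves.
# Accepted values mirror the settings on this page; the function names
# and the default engine list are assumptions.

# effective VAR PROGNAME: print the value kpathsea uses for that program,
# so program-specific entries such as shell_escape.tex are honoured.
effective() {
    kpsewhich -progname="$2" -var-value="$1"
}

# check VAR "ALLOWED VALUES" PROGNAME: succeed only if the effective
# value is one of the space-separated allowed values.
check() {
    val=$(effective "$1" "$3" 2>/dev/null) || val=""
    for ok in $2; do
        if [ "$val" = "$ok" ]; then
            echo "ok    $1=$val ($3)"
            return 0
        fi
    done
    echo "FAIL  $1=${val:-<unset>} ($3), want one of: $2"
    return 1
}

# audit_texmf "ENGINES": check every engine the service may invoke.
audit_texmf() {
    rc=0
    for prog in ${1:-pdflatex latex tex}; do
        check shell_escape "f p" "$prog" || rc=1   # t would allow any command
        check openout_any  "r p" "$prog" || rc=1   # a would allow any file to be opened
        check openin_any   "p"   "$prog" || rc=1   # the page sets paranoid reads
    done
    return $rc
}

# Run only when engine names are given: sh audit_texmf.sh pdflatex latex
if [ "$#" -gt 0 ]; then
    audit_texmf "$*"
    exit $?
fi
```

Run it as the same user and with the same environment as the compile service, since `TEXMFCNF` and related variables change which `texmf.cnf` files are read.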