Previous Up Next

3 Safety concerns when using the Active-DVI previewer


Active-DVI may execute programs and commands embedded into the DVI file. Hence, when playing a DVI file from an untrusted source, you should run advi with the -safer option that inhibits the execution of embedded applications. This warning applies in particular if you choose Active-DVI as your default meta-mail previewer for the application/x-dvi mime-type.

The default safety option is the -ask option: it tells Active-DVI to ask the user each time it must launch an application. (Note that in such a case Active-DVI asks only once to launch a given application: it remembers your previous decisions concerning the command and acts accordingly for the rest of the presentation.)

The second safety option is the above mentioned -safer option: it completely inhibits the execution of embedded applications.

The last safety option is -exec: if you call advi -exec, advi automatically and silently launches all embedded applications (this is useful to play your own presentations without the burden of answering yes to Active-DVI’s questions).

As mentioned, the safe -ask option is the default, automatically set when nothing has been explicitly specified by the user. If desired, the default safety option can be set via initialization files, either on a system large scale by the machine administrator (in the file /etc/advirc), on a local scale by individual users (setting the default policy for that user), or even on a per directory basis (setting the default policy to show DVI files in this directory)! (This last option is convenient to gracefully run your own talks, while still being cautious when running talks from others.)

Previous Up Next