This patch disables the following exploit, described by
Joey Hess <joeyh@debian.org>:

Here's the scenario where latex2html's undocumented --test_mode switch
could be used by a lucky attacker to take over another user account.
Let's assume that the target machine uses /home/users/ as its home
directory, or alternatively, that someone has NMUed latext2html.

As a first step, the attacker must convince the admin to give them an
account on the machine, with a username of "aure" (or, if it's been
NMUed, "joey" or the like).
	
	"Hi Bob, this is John over in tech support. I wonder if I could
	 have a second username on the Debian server -- I'm playing some
	 MUD games after work (company policy says it's ok), and I don't
	 want to telnet in from my official work account. My user name
	 on the MUD is 'aure'. No, I'm not playing a girl. :-P Thanks and
	 I'll tell you all about this MUD thing at the barbeque on Friday!"

Next, the attacker has to set up
Projets/debian/latex2html-2000-beta1/texexpand, which is the program
that will be executed by perl, and some of the other files referred to
around line 429 of /usr/bin/latex2html. The dummy texexpand can do
something like set up a suid shell for him to use later. Then it can go
do something interesting to cover its tracks. In this case, it finds the
user's tty and runs the bb demo on it, and then logs the user out.

Now he has one more social hack to pull off.

	"Hi Mary, this is John.. How're the kids? I know you don't do
	 much with the Debian server except that accounting stuff but Bob
	 told me about a cute animation on the server. Something about
	 "dynamically generated latext html animations", it went over my
	 head but it sure is purty. The command to run to see it is
	 "latex2html --text_mode". Neat eh?"

--- latex2html.orig	2003-10-16 23:14:15.000000000 +0200
+++ latex2html	2003-10-16 23:17:22.000000000 +0200
@@ -442,2 +442,3 @@
 if ($opt{test_mode}) {
+    return; # make /usr/bin/latex2html non-exploitable
     $TITLE = 'LaTeX2HTML Test Document';