I've read through "The TeXbook" and "TeX: The Program" and noticed that basic TeX has a virtual machine that should be fairly easy to get relatively secure by disallowing file reads/writes and limiting the number of main loop executions. LaTeX might be different; I'm still investigating eTeX.
Here are a few links about the topic:
After looking at the code a lot and reading "The TeXbook" and much more, I finally noted that this can all be made to work securely by simply setting openin_any to p in the environment when running latex. Also needed is setrlimit() to limit the CPU usage of rendering and avoid infinite loops.
On Windows, this can also be achieved (see the runlimit binary we created), but there openin_any=p doesn't help, since a path of the form C:\...\ isn't seen as an absolute path!
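The two measures above (openin_any=p in the environment, setrlimit() on the child) as a small POSIX wrapper, added here as an illustration; it is not the runlimit binary mentioned above nor any TeX distribution's code. It also adds a file-name pre-check that rejects drive-letter paths itself, since the page notes that openin_any=p does not catch C:\...\ on Windows. Assumptions (marked in the code): openout_any=p is set alongside openin_any, an optional address-space limit is offered next to the CPU limit, and the `latex` options `-no-shell-escape`, `-halt-on-error` and `-interaction=batchmode` are the standard web2c ones.

```python
"""Run a TeX engine with openin_any=p and setrlimit() limits (POSIX only).
Added example; not the original project's runlimit tool."""
import ntpath
import os
import re
import resource
import subprocess
from typing import List, Optional, Tuple


def sandbox_env(base: Optional[dict] = None) -> dict:
    """Environment for the child TeX process."""
    env = dict(os.environ if base is None else base)
    env["openin_any"] = "p"    # from the page: kpathsea 'paranoid' mode for reads
    env["openout_any"] = "p"   # assumption: apply the same policy to writes
    return env


def safe_input_name(name: str) -> bool:
    """Our own conservative check on a user-supplied file name, done before
    TeX sees it: only a plain relative name, no drive letter or UNC prefix
    (ntpath so the check is the same on every platform), no leading separator,
    no empty, '.' or '..' components and no dotfiles."""
    if not name:
        return False
    drive, _ = ntpath.splitdrive(name)       # catches "C:" and "\\\\server\\share"
    if drive or name.startswith(("/", "\\")):
        return False
    parts = re.split(r"[\\/]", name)
    return all(part and not part.startswith(".") for part in parts)


def run_limited(argv: List[str], workdir: str = ".", cpu_seconds: int = 10,
                mem_bytes: Optional[int] = None,
                wall_seconds: Optional[float] = None) -> Tuple[Optional[int], str]:
    """Run argv with setrlimit() applied in the child before exec, as the page
    suggests for stopping runaway rendering.  Returns (status, output): status is
    the exit code, negative when killed by that signal (SIGXCPU when the CPU
    limit fires), or None when the wall-clock guard had to kill it."""
    def limits() -> None:
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))
        if mem_bytes is not None:            # assumption: extra memory cap
            resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))

    try:
        proc = subprocess.run(
            argv, cwd=workdir, env=sandbox_env(), stdin=subprocess.DEVNULL,
            stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
            preexec_fn=limits, timeout=wall_seconds or cpu_seconds * 5)
    except subprocess.TimeoutExpired as exc:
        return None, (exc.output or b"").decode(errors="replace")
    return proc.returncode, proc.stdout.decode(errors="replace")


def render(tex_name: str, workdir: str, cpu_seconds: int = 10) -> Tuple[Optional[int], str]:
    """Compile one .tex file under the limits above (needs latex installed)."""
    if not safe_input_name(tex_name):
        return None, "rejected file name: %r" % tex_name
    argv = ["latex", "-no-shell-escape", "-halt-on-error",
            "-interaction=batchmode", tex_name]
    return run_limited(argv, workdir, cpu_seconds=cpu_seconds)


if __name__ == "__main__":
    # Demonstrate the CPU limit on a busy loop instead of a real TeX job.
    print(run_limited(["/bin/sh", "-c", "while :; do :; done"], cpu_seconds=1))
```

The CPU limit is set with soft == hard, so the child is terminated by SIGXCPU as soon as it exceeds cpu_seconds; the wall-clock timeout is only a backstop for a child that is blocked rather than spinning.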
Also read this article: http://article.gmane.org/gmane.comp.tex.tetex.general/678 (and possibly the whole thread).
- use the --noghostscript command line option to disable calling gs for certain \special ... sequences.
- use the -R switch to run securely (not implemented but present in the texi file??)