# Texmf.cnf

Most options in texmf.cnf of modern TeX distributions are ok for ConTeXt (in former times you had to care for ConTeXt's huge memory needs yourself and occasionally set some additional paths). The one thing left:

ConTeXt likes TeX's "write18" function enabled to run MetaPost and some other tools in the background. That's a potential security risk (malicious TeX code could run any program with your user rights), so it's off (false) by default.

```shell_escape = t
```

If you don't want to take this security risk with all TeX code on your system, you might like to consider the following change to the appropriate line in texexec.ini:

```for  tetex  set  TeXPassString     to  -progname=context -shell-escape
```

(If yours is a non-tetex system, choose the appropriate line. If there are other options present, like --default-translate-file=cp8bit, then don't delete them!)

This will enable \write18 support per texexec job, and not system-wide. An administrator would therefore only have to worry about malicious ConTeXt code, and not about other TeX systems running. With the second modification, you can leave the shell_escape line in texmf.cnf commented out/false.

Hint for MikTeX users: The counterpart to texmf.cfg is miktex.ini.