Is it safe to allow exec and shell_exec in php?

by venkatesan iyengar -
Number of replies: 4

Is it safe to allow the exec function in PHP to enable TeX Notation through TeX/Ghostscript? I have enabled exec in PHP and kept system, passthru, dl, symlink, shell_exec, escapeshellarg disabled. Is my server not vulnerable, as any PHP code can be executed? Please advise me.

regards

In reply to venkatesan iyengar

Re: Is it safe to allow exec and shell_exec in php?

by Mauno Korpelainen -

Correct me if I am wrong, but I suppose that users of Moodle cannot execute any PHP code they want through the file system (repository) of Moodle. If I remember correctly, for example, PHP files that you upload to moodledata with file upload are handled as text files, not PHP files. On the other hand, the TeX filter does sanitize the code that it sends to the executable LaTeX binaries and ImageMagick/Ghostscript.

The risk of some kind of attack might be similar to allowing your teachers to add/use any custom JavaScript, Flash files or iframes - they make some attack types possible, but it does not mean that your teachers could hack your site.

And if you don't want to allow functions like system() or shell_exec() that the TeX filter is using, you can use some other math renderers like the JavaScript-based MathJax ;)

In reply to Mauno Korpelainen

Re: Is it safe to allow exec and shell_exec in php?

by venkatesan iyengar -

Mauno,

You probably do not require exec() or system() to work with the repository. I could access Alfresco with all these functions disabled. I think only the TeX filter requires escape to shell.

In reply to venkatesan iyengar

Re: Is it safe to allow exec and shell_exec in php?

by Mauno Korpelainen -

That's exactly the point - users of Moodle should never be able to upload such attack files and use these functions in custom PHP files directly for attacks (with malicious code execution / injection). The current TeX filter is using these functions for executing the commands that are properly sanitized by the TeX filter before they are executed...

In my opinion this is mainly a question of trusting the code you use and let your site users upload to your site - and not using such unknown/untested code that you don't trust. Listing possibly vulnerable functions and starting to disable all such functions that could be somehow used in a malicious way makes the whole of PHP pretty useless - see http://stackoverflow.com/questions/3115559/exploitable-php-functions

If you don't need the TeX filter you can as well disable these functions of PHP.

The TeX filter needs to execute the LaTeX (and PNG convert) binaries to create the TeX images, but you don't need to use the TeX filter. ;)
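
The following is an added example, not part of the thread and not Moodle's TeX filter code. It shows one way PHP can pass user-supplied TeX to an external binary so that the formula is checked first and never reaches the shell command line. The binary path, the (non-exhaustive) denylist and the function names are assumptions; it uses escapeshellarg(), so that function has to stay enabled for this approach.

```php
<?php
// Added illustration, not Moodle's TeX filter code. The binary path, denylist
// and function names are assumptions chosen for this example.
const LATEX_BIN = '/usr/bin/latex';   // fixed by the admin, never user-supplied
const TEX_DENYLIST = ['\\input', '\\include', '\\write', '\\openin', '\\openout',
    '\\read', '\\immediate', '\\catcode', '\\csname', '\\def', '^^'];

/** True if the formula is short and contains no denied TeX primitive. */
function tex_formula_is_allowed(string $formula): bool {
    if (strlen($formula) > 2000) {
        return false;
    }
    foreach (TEX_DENYLIST as $needle) {
        // Conservative substring match: may reject some harmless macros.
        if (stripos($formula, $needle) !== false) {
            return false;
        }
    }
    return true;
}

/** Write the formula to a .tex file and return the command line, or null if rejected. */
function build_latex_command(string $workdir, string $formula): ?string {
    if (!tex_formula_is_allowed($formula)) {
        return null;
    }
    // File name is a hex digest, so user text never appears on the command line.
    $texfile = $workdir . '/' . hash('sha256', $formula) . '.tex';
    $doc = "\\documentclass{article}\n\\pagestyle{empty}\n\\begin{document}\n\$"
         . $formula . "\$\n\\end{document}\n";
    file_put_contents($texfile, $doc);
    return escapeshellarg(LATEX_BIN)
         . ' -no-shell-escape -interaction=nonstopmode -halt-on-error'
         . ' -output-directory=' . escapeshellarg($workdir)
         . ' ' . escapeshellarg($texfile);
}

// Constructed sample inputs: one ordinary formula, two that must be refused.
$workdir = sys_get_temp_dir();
foreach (['\\frac{a}{b} + \\sqrt{x}', '\\input{other.tex}', '\\write18{ls}'] as $f) {
    $cmd = build_latex_command($workdir, $f);
    echo ($cmd === null ? 'REJECTED ' : 'ALLOWED  '), $f, "\n";
    if ($cmd !== null) {
        echo '  command: ', $cmd, "\n";  // would be passed to exec($cmd, $out, $status)
    }
}
```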