[tex-live] running tex and lua under restricted shell escape
Karl Berry
karl at freefriends.org
Sun Feb 14 00:16:43 CET 2016
> But my understanding is that recent luatex _does_ prevent lua from
> using os.execute and similar commands using the same texmf.cnf
> settings as write18
1) I wasn't aware of this. All to the good.
2) If dynamic library loading is enabled by default, any theory of
enhanced security is chimerical, as far as I can see.
3) Besides \write18 restrictions, there is openout_any to be considered.
If Lua is allowed to write to any file anywhere ... I have to wonder
about network access too, which is not an issue with any other TeX.
That is the most common way to spread viruses and such, after all.
Thanks,
Karl
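
Added example, not part of the message above and not TeX Live code: a small Python check of the two texmf.cnf settings the message names (shell_escape for \write18, and openout_any), resolved per program so a luatex-specific override is visible. The sample file, the ALLOWED policy and the function names are constructed assumptions; dynamic library loading and network access are not covered by these settings and are not checked here.

```python
import re

# Constructed sample in texmf.cnf syntax; not taken from the thread or from TeX Live.
SAMPLE_CNF = """\
% constructed example
shell_escape = p
shell_escape_commands = bibtex,kpsewhich,\\
makeindex
openout_any = p
openout_any.luatex = a   % program-specific setting
shell_escape = t         % ignored: an earlier definition exists
"""

# Values this example treats as acceptable (an assumption; adjust to local policy).
ALLOWED = {"shell_escape": {"f", "p"}, "openout_any": {"p"}}

LINE = re.compile(r"([A-Za-z_]\w*)(?:\.([\w-]+))?\s*=\s*(.*)$")

def effective_settings(text, progname):
    """Resolve name -> value as `progname` would see it.

    Simplified reading of the kpathsea rules: '%' comments, backslash
    continuation, earliest definition wins, name.progname beats plain name.
    Requires '=' (kpathsea itself treats it as optional).
    """
    generic, specific = {}, {}
    for raw in text.replace("\\\n", "").splitlines():
        line = re.sub(r"(^|\s)%.*", "", raw).strip()
        m = LINE.match(line)
        if not m:
            continue  # blank line, comment, or syntax this sketch does not handle
        name, prog, value = m.groups()
        if prog is None:
            generic.setdefault(name, value)
        elif prog == progname:
            specific.setdefault(name, value)
    return {**generic, **specific}

def audit(text, progname):
    """Return (name, value) pairs whose effective value is outside ALLOWED."""
    seen = effective_settings(text, progname)
    return [(k, seen.get(k, "<unset>")) for k in sorted(ALLOWED)
            if seen.get(k) not in ALLOWED[k]]

if __name__ == "__main__":
    for prog in ("pdftex", "luatex"):
        print(prog, audit(SAMPLE_CNF, prog) or "ok")
```

On a real installation the effective values can be read with kpsewhich -var-value=NAME instead of parsing the file.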