texlua-based tool and restricted shell escape
Joseph Wright
joseph.wright at morningstar2.co.uk
Wed Feb 21 08:18:24 CET 2024
On 21/02/2024 00:10, Reinhard Kotucha wrote:
> On 2024-02-20 at 15:16:04 -0700, Karl Berry wrote:
>
> > Whether the equivalent of "ls" (what texosquery does) should be an
> > allowed operation [...]
>
> Is this Java related?
>
> In my texlua scripts I can read and write files, list contents of
> directories, etc. Of course, all limited by the settings of
> openin_any and openout_any.
The question is whether one should be able to access that information
using restricted shell escape - I hope that it makes sense, and in that
sense it's independent of the language involved. But the details of the
security setup do depend on how it's implemented.
Joseph
More information about the tex-live
mailing list.