[tex-live] running tex and lua under restricted shell escape

David Carlisle d.p.carlisle at gmail.com
Sat Feb 13 13:15:00 CET 2016


On 13 February 2016 at 00:04, Karl Berry <karl at freefriends.org> wrote:
>     wouldn't the issues with libraries and file writing be just the same
>     as a top level lualatex call?
>
> The difference is that programs enabled by shell_escape should be safe
> for someone to download an arbitrary document, e.g. written by someone
> else, and process with tex, and be reasonably assured that nothing
> terrible will happen.
>
> Whereas at the top level, the user is doing the invoking, so they are
> assuming some risk :).
>
> shell_escape came into being earlier than luatex.  I admit I hadn't
> really thought about it before.  Without Lua in the picture, the
> defaults for shell_escape stuff are a decent attempt at being secure, as
> far as I know.  I doubt anyone would want Lua(TeX) to be crippled so as
> to make lua(la)tex invocations secure by default, which seems like what
> it would boil down to.
>
> Thus, anyone invoking lualatex from the cmdline (or through their GUI)
> should know (in theory anyway) that Lua can do all kinds of things and
> results cannot be guaranteed.  I'm not sure if we can do better.
>

But my understanding is that recent luatex _does_ prevent lua from
using os.execute
and similar commands using the same texmf.cnf settings as write18 so
with details to be determined
it's not so different from running classic tex.

David


> Hmm.
>
> Thanks,
> K


More information about the tex-live mailing list