texlua-based tool and restricted shell escape
Joseph Wright
joseph.wright at morningstar2.co.uk
Tue Feb 20 16:45:30 CET 2024
On 20/02/2024 15:37, Reinhard Kotucha wrote:
> On 2024-02-20 at 13:09:37 +0000, Joseph Wright wrote:
>
> > Hello all,
> >
> > In the notes for the upcoming TL'24 version of LuaTeX, it seems that lfs
> > functions should be able to work safely in restricted shell escape mode.
> > Is that a fair reading?
> >
> > The reason for asking is that the idea of listing files from within the
> > TeX run came up (https://tex.stackexchange.com/questions/709934), and
> > prompted me to look back at some L3 code that allows
> > platform-independent queries for the file structures, but which needs
> > unrestricted shell escape.
> >
> > David C. reminded me that texosquery is allowed in restricted shell
> > escape mode, but it needs Java and is non-ideal. I was therefore
> > wondering about putting together a Lua-based script that would do the
> > same things, and thus would be easier to rely on. But that's only
> > worthwhile if it can be used without needing unrestricted shell escape.
>
> Hello Joseph,
> maybe you can add the name of your script to the list of trusted
> programs. They are listed in a variable called shell_escape_commands
> in texmf-dist/web2c/texmf.cnf.
Well yes, locally, but the question is whether this is viable at a
distribution level.
Joseph
More information about the tex-live
mailing list.