texlua-based tool and restricted shell escape
Karl Berry
karl at freefriends.org
Tue Feb 20 23:16:04 CET 2024
Hi Joseph,
In the notes for the upcoming TL'24 version of LuaTeX, it seems that lfs
functions should be able to work safely in restricted shell escape mode.
Is that a fair reading?
Yes. That's exactly the goal. I won't be surprised if there is some
nefarious way to get around the protections (testers welcome), but we
did our best. (Luigi and Marcel did all the real work; thanks, guys.)
wondering about putting together a Lua-based script that would do the
A Lua-based texosquery would be most welcome as far as I'm concerned. I
see no problem, in principle, with including it in
shell_escape_commands. I don't see any real difference between providing
functionality in language X vs. language Y. (Pace memoize-extract.pl
vs. .py ...)
Nicola did good work with the Java texosquery, but she and I knew all
along that Java is, as you say, "non-ideal" for portability.
Whether the equivalent of "ls" (what texosquery does) should be an
allowed operation is another discussion. I admit I can't remember
Nicola's argument for why it was ok to allow this, but evidently she
convinced me :). --best, karl.
More information about the tex-live
mailing list.