System queries with Lua: l3sys-query
David Carlisle
d.p.carlisle at gmail.com
Sat Mar 9 01:34:32 CET 2024
On Fri, 8 Mar 2024 at 23:52, Karl Berry <karl at freefriends.org> wrote:
> I think that's the wrong behaviour to be honest: I think that files
> should be listed but not opened
>
> What good can come of being able to list dot files in restricted mode?
> Just seems like it makes it easier for bad guys.
>
well it's just that we added a --all option and if documenting it it would
be nice to say its
like ls and ls -a but if the .files have to vanish depending on openin_any
documenting that's a bit weird
I suppose it could work to say if openin_any is not a then --all is no-op
so perhaps that's OK
There's probably not any actual use case for listing such a file from tex
if you have configured tex not to read
them so it doesn't really matter much in practice, as long as the end
result is documentable
(except I think reading . should always be allowed)
> But I don't feel absolutist about it. I won't reject adding l3sys-query
> to shell_escape_commands if you allow listing dot files :).
>
> always \input ./foo.tex
> . isn't a "dotfile" in that sense.
>
> No argument. Up to Nicola if she wants to change anything.
> Lacking user requests, if it were me, I probably wouldn't :).
>
> to allow \input{|ls "*.tex"} at least.
>
> Agreed in theory, but I'm not sure if there's any practical way for the
> quoting code to know the input is coming from a braced argument.
>
> Or in fact _any_ syntax that
> worked the same way in restricted and unrestricted shell escape.
>
> Agreed in theory, but the quoting code around shell escape is so
> tangled, and with so many Windows vs. Unix vs. engine special cases,
> that I fear to make any changes to it, ever.
>
Yes I thought you'd say that, it's been that way for ages and changing
things
would be tricky (certainly I wouldn't suggest you change anything for 2024).
We can probably work around it but as you might guess trying to package a
command
for a user specified file listing that works reasonably plausibly in
windows and linux and
restricted and unrestricted mode is "interesting". I had read those quoting
rules in a previous lifetime
but still developing the script using --shell-escape until we were happy
with it, then locally adding it
to the safe list and finding it doesn't work _at all_ in restricted mode as
all the quotes vanished
was somewhat frustrating:-) But it mostly works again now so it's just a
bit weird not a show stopper
and we are not asking for tl2024 engine changes to argument quoting
(Although there's a separate related question re texlua file globbing
Joseph asked on the luatex list)
> (web2c/lib/texmfmp.c, shell_cmd_is_allowed, normalize_quotes, etc.)
>
> Definitely can't make any changes in this area for this year, anyway.
> Any changes would have to start by making a comprehensive test suite for
> it, which would take considerable time in itself. (And which "should"
> have been done during development of the feature, but ... you know ...)
>
> Thanks/sorry,
>
No need to apologise, I think it can all be made to work, and possibly even
be useful it's just tex being tex:-)
Karl
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://tug.org/pipermail/tex-live/attachments/20240309/4f44e004/attachment.htm>
More information about the tex-live
mailing list.