[tex-live] running tex and lua under restricted shell escape

Karl Berry karl at freefriends.org
Fri Feb 12 00:26:12 CET 2016

    How feasible would it  be to allow *tex and texlua to run under
    restricted shell escape?

The problems I thought of (and put in texmf.cnf comments) back when we
created --shell-escape were that a) the --shell-escape option itself
must be disabled, and b) openout_any must be forced to "p", even if the
openout_any value for the top level tex is something else.  openin_any
should probably also be p.

And ... do I want to create new rENGINE binaries for (m)any values of
ENGINE, with all the concomitant pain and confusion?  Not at all ...

Beyond that, for Lua specifically, although I know that Lua was designed
to be a secure embedded language, it would take a lot of effort to
research and disable possible "exploits" in such a context.  For
starters, obviously dynamic library loading must be disabled, arbitrary
file reading/writing, and who knows what else (not me)...

If the practical goal is to use luatex features in other tex's, maybe
some crippled form of texlua, specifically, could be created (not by me)
and allowed.  But is that useful enough to be worth the trouble?  If
nothing else, the performance would be pretty awful, even on today's
machine, even given everything, so couldn't use it in even moderately
intensive contexts, I suspect.



More information about the tex-live mailing list