[tex-live] running tex and lua under restricted shell escape

[Karl Berry]

    wouldn't the issues with libraries and file writing be just the same
    as a top level lualatex call?

The difference is that programs enabled by shell_escape should be safe
for someone to download an arbitrary document, e.g. written by someone
else, and process with tex, and be reasonably assured that nothing
terrible will happen.

Whereas at the top level, the user is doing the invoking, so they are
assuming some risk :).  

shell_escape came into being earlier than luatex.  I admit I hadn't
really thought about it before.  Without Lua in the picture, the
defaults for shell_escape stuff are a decent attempt at being secure, as
far as I know.  I doubt anyone would want Lua(TeX) to be crippled so as
to make lua(la)tex invocations secure by default, which seems like what
it would boil down to.

Thus, anyone invoking lualatex from the cmdline (or through their GUI)
should know (in theory anyway) that Lua can do all kinds of things and
results cannot be guaranteed.  I'm not sure if we can do better.

Hmm.

Thanks,
K