System queries with Lua: l3sys-query

Karl Berry karl at
Sat Mar 9 00:52:11 CET 2024

    I think that's the wrong behaviour to be honest: I think that files
    should be listed but not opened

What good can come of being able to list dot files in restricted mode?
Just seems like it makes it easier for bad guys.

But I don't feel absolutist about it. I won't reject adding l3sys-query
to shell_escape_commands if you allow listing dot files :).

    always \input ./foo.tex
    . isn't a "dotfile" in that sense.

No argument. Up to Nicola if she wants to change anything.
Lacking user requests, if it were me, I probably wouldn't :).

    to allow \input{|ls "*.tex"}  at least.  

Agreed in theory, but I'm not sure if there's any practical way for the
quoting code to know the input is coming from a braced argument.

    Or in fact _any_ syntax that
    worked the same way in restricted and unrestricted shell escape.

Agreed in theory, but the quoting code around shell escape is so
tangled, and with so many Windows vs. Unix vs. engine special cases,
that I fear to make any changes to it, ever.

(web2c/lib/texmfmp.c, shell_cmd_is_allowed, normalize_quotes, etc.)

Definitely can't make any changes in this area for this year, anyway.
Any changes would have to start by making a comprehensive test suite for
it, which would take considerable time in itself. (And which "should"
have been done during development of the feature, but ... you know ...)


More information about the tex-live mailing list.