System queries with Lua: l3sys-query

David Carlisle d.p.carlisle at
Sat Mar 9 01:34:32 CET 2024

On Fri, 8 Mar 2024 at 23:52, Karl Berry <karl at> wrote:

>     I think that's the wrong behaviour to be honest: I think that files
>     should be listed but not opened
> What good can come of being able to list dot files in restricted mode?
> Just seems like it makes it easier for bad guys.

well it's just that we added a --all option and if documenting it  it would
be nice to say its
like ls and ls -a but if the .files have to vanish depending on openin_any
documenting that's a bit weird
I suppose it could work to say if openin_any is not a then --all is no-op
so perhaps that's OK
There's probably not any actual use case for listing such a file from tex
if you have configured tex not to read
them so it doesn't really matter much in practice, as long as the end
result is documentable
(except I think reading . should always be allowed)

> But I don't feel absolutist about it. I won't reject adding l3sys-query
> to shell_escape_commands if you allow listing dot files :).
>     always \input ./foo.tex
>     . isn't a "dotfile" in that sense.
> No argument. Up to Nicola if she wants to change anything.
> Lacking user requests, if it were me, I probably wouldn't :).
>     to allow \input{|ls "*.tex"}  at least.
> Agreed in theory, but I'm not sure if there's any practical way for the
> quoting code to know the input is coming from a braced argument.

>     Or in fact _any_ syntax that
>     worked the same way in restricted and unrestricted shell escape.
> Agreed in theory, but the quoting code around shell escape is so
> tangled, and with so many Windows vs. Unix vs. engine special cases,
> that I fear to make any changes to it, ever.

Yes I thought you'd say that,  it's been that way for ages and changing
would be tricky (certainly I wouldn't suggest you change anything for 2024).
We can probably work around it but as you might guess trying to package a
for a user specified file listing that works reasonably plausibly in
windows and linux and
restricted and unrestricted mode is "interesting". I had read those quoting
rules in a previous lifetime
but still developing the script using --shell-escape until we were happy
with it, then locally adding it
to the safe list and finding it doesn't work _at all_ in restricted mode as
all the quotes vanished
was somewhat frustrating:-) But it mostly works again now so it's just a
bit weird not a show stopper
and we are not asking for tl2024 engine changes to argument quoting
 (Although there's a separate related question re texlua file globbing
Joseph asked on the luatex list)

> (web2c/lib/texmfmp.c, shell_cmd_is_allowed, normalize_quotes, etc.)
> Definitely can't make any changes in this area for this year, anyway.
> Any changes would have to start by making a comprehensive test suite for
> it, which would take considerable time in itself. (And which "should"
> have been done during development of the feature, but ... you know ...)
> Thanks/sorry,

No need to apologise, I think it can all be made to work, and possibly even
be useful it's just tex being tex:-)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the tex-live mailing list.