[luatex] io.popen security (was: slow io.popen)
Stephan Hennig
mailing_list at arcor.de
Mon Jan 28 23:23:59 CET 2013
Am 27.01.2013 11:37, schrieb Taco Hoekwater:
> The extra slowness on linux is as expected: texlua has some extra
> code in io that is needed for 'luatex' mode,
While reading your answer, I immediately thought that 'luatex' mode must
have something to do with sanitizing the argument to popen. But I'm
indeed able to remove arbitrary files in the files system by saying
io.popen('rm -f whatever')
Shouldn't popen in luatex/texlua be kept from executing arbitrary
commands similar to the \write18 feature?
Best regards,
Stephan Hennig
More information about the luatex
mailing list