[texworks] Lua scripting
Jérome Laurens
jerome.laurens at u-bourgogne.fr
Wed Jun 10 13:00:27 CEST 2009
Le 9 juin 09 à 07:58, Stefan Löffler a écrit :
>
>> Finally, lua is powerful but dangerous. TeXWorks should launch
>> scripts
>> in a safe environment to avoid viruses and other kinds of malware.
>
> I'd appreciate any information you could give me on that. As said
> before, I've only just started experimenting with it seriously, so I
> haven't dug into all the details, yet. I suppose you mean that certain
> system calls should be deactivated? Or that the user is at least asked
> to confirm certain actions? On the other hand, if the user installed
> the
> script (once there is an installation procedure ;)) shouldn't we
> assume
> he did that on purpose rather than constantly ask (something I usually
> appreciate on Linux, but then again I may not be the average user -
> being a fan of configure/make and all ;)).
>
> -Stefan
>
Here are some info I gathered here and there
- to execute a script in a void environment:
local myFunction = loadfile("myscript.lua"); -- You may wish to check
for errors
setfenv(myFunction, {});
myFunction(); -- You may wish to pcall this
a void environment is sometimes too restrictive.
- to restrict some lua functions, for example restrict the write_to
function to only checked paths:
unsafe_writeto = writeto
writeto = function (filename)
if checkfilename(filename) then
%unsafe_writeto(filename) -- do the "real" open
else error("cannot open " .. filename)
end
end
unsafe_writeto = nil -- no more accesses after this point
Jerome
More information about the texworks
mailing list