[texworks] Lua scripting

Jérome Laurens jerome.laurens at u-bourgogne.fr
Wed Jun 10 13:00:27 CEST 2009

Le 9 juin 09 à 07:58, Stefan Löffler a écrit :

>> Finally, lua is powerful but dangerous. TeXWorks should launch  
>> scripts
>> in a safe environment to avoid viruses and other kinds of malware.
> I'd appreciate any information you could give me on that. As said
> before, I've only just started experimenting with it seriously, so I
> haven't dug into all the details, yet. I suppose you mean that certain
> system calls should be deactivated? Or that the user is at least asked
> to confirm certain actions? On the other hand, if the user installed  
> the
> script (once there is an installation procedure ;)) shouldn't we  
> assume
> he did that on purpose rather than constantly ask (something I usually
> appreciate on Linux, but then again I may not be the average user -
> being a fan of configure/make and all ;)).
> -Stefan

Here are some info I gathered here and there

- to execute a script in a void environment:

local myFunction = loadfile("myscript.lua"); -- You may wish to check  
for errors
setfenv(myFunction, {});
myFunction(); -- You may wish to pcall this

a void environment is sometimes too restrictive.

- to restrict some lua functions, for example restrict the write_to  
function to only checked paths:

unsafe_writeto = writeto
writeto = function (filename)
if checkfilename(filename) then
%unsafe_writeto(filename) -- do the "real" open
else error("cannot open " .. filename)
unsafe_writeto = nil -- no more accesses after this point


More information about the texworks mailing list