[texworks] Lua scripting
jerome.laurens at u-bourgogne.fr
Sun Jun 14 00:11:40 CEST 2009
Le 13 juin 09 à 22:26, Reinhard Kotucha a écrit :
> On 11 June 2009 T T wrote:
>> On 11/06/2009, Hans Hagen <pragma at wxs.nl> wrote:
>>> Stefan Löffler wrote:
>>>> Any opinions about this?
>>> you can add an option to the configuration file ("safer=true") or
>>> listen to an environment variable and if not set just permit all
>>> if someone wants to abuse texworks to wipe someones disk, first of
>>> the script has to come from an non tex related place, and users
>>> hav eto
>>> install it, and second, the fact that one can run a program
>>> (typesetting) already means that one can add a disk wiper
>> I agree. Let's not go overboard with those security issues. Note that
>> the situation with LuaTeX is somewhat different. You can run it
>> somewhere on a server and typeset whatever comes your way. In that
>> scenario you cannot assume that all documents/scripts are harmless
>> you need some protection.
>> The situation is different for TW, since it is intended for personal
>> and interactive use, in which case there will be always user
>> supervision of what scripts get installed/executed. I think that this
>> is entirely sufficient and there is no need to disable anything. If
>> someone is stupid enough to run a random piece of code from a random
>> place, I'd say they get what they deserve. You cannot protect against
>> that anyway and introducing draconian security measures can only
>> cripple legitimate usage cases.
> Tomek, thank you very much for this mail. What you say is exactly
> what I think. There should't be any restrictions.
Things are not that simple.
TeXWorks natural audience is the beginner in TeX, and most probably in
You cannot ask a user to supervise the script management when he is
just learning what -is- a script.
There are more or less simple ways to distinguish trusted from
The most important thing is to choose a design that will authorize a
forthcoming safety policy.
More information about the texworks