[luatex] Security review for extractbb.lua
Max Chernoff
tex at maxchernoff.ca
Sun Nov 17 11:16:42 CET 2024
Hi all,

We're considering replacing the "extractbb" program with a new
implementation written in Lua:

https://github.com/gucci-on-fleek/extractbb

Because "extractbb" is allowed to run in restricted shell-escape mode, I
want to make sure that the new implementation is secure.

Is there anyone here interested in doing a security review? If so, then
please send any comments/suggestions in a reply to this list, to me
privately, or on the linked GitHub page. I'm mainly interested in the
`source/extractbb-scratch.lua` file, but I'm definitely open to
suggestions for the other files as well.

Thanks,
-- Max