[tex-live] [luatex] lltxplatform integration
elie.roux at telecom-bretagne.eu
Thu Jun 4 11:58:58 CEST 2015
> There are already experiments with luatex and harfbuzz:
Right, and it needs to load harfbuzz.so... I think it's an interesting
experiment and I think it would be a pity if there was no way for it to
be simply avaible and useable with TeXLive default settings...
> The solution is to educate users. All security problems stem from
> hiding important knowledge, offering security settings in a not
> understandable way and pretending false security. If you offer an easy
> access to potentially vulnerable or malicious libraries to uneducated
> users, you are doin a misservice. For uneducated users reduced but
> safe system is more valuable than a potentially vulnerable systems.
> Thos who need higher functionality should understand the risk and
> should be educated.
I agree with all this, but security is really not important for most
users (otherwise they wouldn't use Windows), so I think there is a kind
of balance to find...
Anyway, I'd be in favor of something like:
- a setting in texmf.cnf called luatex_so_loading, with values "n"
(none), "r" (restricted) or "a" (all).
- restricted mode would only alow loading of xxx.so where xxx is in
another texmf.cnf setting called luatex_so_authorized, containing for
instance "harfbuzz" and "lualatex-platform", as these seem harmless...
- in all cases, I think "." should be removed from CLUAINPUTS (as it
induces security issues: if a script is allowed to write in current
directory by openout_any, it can write a .so file, load it, and override
With this setting available and "r" by default, the average user can use
a few safe libraries that will be useful in many cases (harfbuzz,
lualatex-platform, etc.), and people can make the security level higher
or lower according to their sensibility... What do you think?
More information about the tex-live