texlua-based tool and restricted shell escape
Reinhard Kotucha
reinhard.kotucha at gmx.de
Tue Feb 20 18:37:32 CET 2024
On 2024-02-20 at 15:45:30 +0000, Joseph Wright wrote:
> On 20/02/2024 15:37, Reinhard Kotucha wrote:
> > On 2024-02-20 at 13:09:37 +0000, Joseph Wright wrote:
> >
> > > Hello all,
> > >
> > > In the notes for the upcoming TL'24 version of LuaTeX, it seems that lfs
> > > functions should be able to work safely in restricted shell escape mode.
> > > Is that a fair reading?
> > >
> > > The reason for asking is that the idea of listing files from within the
> > > TeX run came up (https://tex.stackexchange.com/questions/709934), and
> > > prompted me to look back at some L3 code that allows
> > > platform-independent queries for the file structures, but which needs
> > > unrestricted shell escape.
> > >
> > > David C. reminded me that texosquery is allowed in restricted shell
> > > escape mode, but it needs Java and is non-ideal. I was therefore
> > > wondering about putting together a Lua-based script that would do the
> > > same things, and thus would be easier to rely on. But that's only
> > > worthwhile if it can be used without needing unrestricted shell escape.
> >
> > Hello Joseph,
> > maybe you can add the name of your script to the list of trusted
> > programs. They are listed in a variable called shell_escape_commands
> > in texmf-dist/web2c/texmf.cnf.
>
> Well yes, locally, but the question is whether this is viable at a
> distribution level.
texlive/202*/texmf-dist/web2c/texmf.cnf *is* at distribution level.
Regards,
Reinhard
--
------------------------------------------------------------------
Reinhard Kotucha Phone: +49-511-3373112
Marschnerstr. 25
D-30167 Hannover mailto:reinhard.kotucha at gmx.de
------------------------------------------------------------------
More information about the tex-live
mailing list.