texlua-based tool and restricted shell escape
Joseph Wright
joseph.wright at morningstar2.co.uk
Tue Feb 20 20:15:09 CET 2024
On 20/02/2024 17:37, Reinhard Kotucha wrote:
> On 2024-02-20 at 15:45:30 +0000, Joseph Wright wrote:
>
> > On 20/02/2024 15:37, Reinhard Kotucha wrote:
> > > On 2024-02-20 at 13:09:37 +0000, Joseph Wright wrote:
> > >
> > > > Hello all,
> > > >
> > > > In the notes for the upcoming TL'24 version of LuaTeX, it seems that lfs
> > > > functions should be able to work safely in restricted shell escape mode.
> > > > Is that a fair reading?
> > > >
> > > > The reason for asking is that the idea of listing files from within the
> > > > TeX run came up (https://tex.stackexchange.com/questions/709934), and
> > > > prompted me to look back at some L3 code that allows
> > > > platform-independent queries for the file structures, but which needs
> > > > unrestricted shell escape.
> > > >
> > > > David C. reminded me that texosquery is allowed in restricted shell
> > > > escape mode, but it needs Java and is non-ideal. I was therefore
> > > > wondering about putting together a Lua-based script that would do the
> > > > same things, and thus would be easier to rely on. But that's only
> > > > worthwhile if it can be used without needing unrestricted shell escape.
> > >
> > > Hello Joseph,
> > > maybe you can add the name of your script to the list of trusted
> > > programs. They are listed in a variable called shell_escape_commands
> > > in texmf-dist/web2c/texmf.cnf.
> >
> > Well yes, locally, but the question is whether this is viable at a
> > distribution level.
>
> texlive/202*/texmf-dist/web2c/texmf.cnf *is* at distribution level.
Sure, but I don't get to decide whether it can be added: that's the call
of the TL maintainers, hence asking :)
Joseph
More information about the tex-live
mailing list.