[texworks] Lua scripting

Stefan Löffler st.loeffler at gmail.com
Thu Jun 11 11:01:57 CEST 2009 

On 2009-06-11 01:04, Manuel Pégourié-Gonnard wrote:
>> Are there any other critical functions? Like command execution, or
>> something? Network/internet access?
>>
>>     
> Here too you can look for inspiration in luatex, section 3.1.3 of the manual say
> that the following function are disabled by default in tex mode:
>
> library functions
> os      execute exec setenv rename remove tmpdir
> io      popen output tmpfile
> lfs     rmdir mkdir chdir lock touch
>
> (some of them are not standard Lua functions).
>   

Thanks for the valuable info. Now the only problem I still have is what
to disable. If it should be possible to delegate typesetting to lua
scripts we can't completely disable exec, popen or related functions.
One option would be to ask the user whether to allow a certain operation
each time, but I imagine that would be rather annoying in the long run
(imaging every time you typeset a document you get a couple of messages
warning you about program execution and the like).

Allowing arbitrary program execution would of course be too dangerous,
however (imagine a malicious script wiping the windows registry, thereby
probably rendering the computer unusable). So we'd need a way to
persistently store what programs the user wants to be executed. Storing
them in a plain text file (and possibly allowing file access) would
again be useless as every script could then upgrade itself.

And in any case I'm still not quite comfortable with having popup
dialogs asking for every program that is getting executed, even if it's
just once (I've come to hate some firewalls that can't be configured
properly). And even allowing only the execution of *TeX tools doesn't
help as there could always be malicious programs "incidentally" sharing
the name. But I guess security can only go so far.

Another option would be to require script writers to declare the
functions/programs it's going to use, so the user can decide whether he
wants to do that or not (e.g. at installation time). This probably
inhibits some particularly dynamic approaches, but maybe it's a start.

Any opinions about this?

-Stefan

More information about the texworks mailing list