[texworks] Lua scripting

T T t34www at googlemail.com
Thu Jun 11 11:56:37 CEST 2009


On 11/06/2009, Hans Hagen <pragma at wxs.nl> wrote:
> Stefan Löffler wrote:
>
>> Any opinions about this?
>
> you can add an option to the configuration file ("safer=true") or maybe
> listen to an environment variable and if not set just permit all functions
>
> if someone wants to abuse texworks to wipe someones disk, first of all
> the script has to come from an non tex related place, and users hav eto
> install it, and second, the fact that one can run a program
> (typesetting) already means that one can add a disk wiper

I agree. Let's not go overboard with those security issues. Note that
the situation with LuaTeX is somewhat different. You can run it
somewhere on a server and typeset whatever comes your way. In that
scenario you cannot assume that all documents/scripts are harmless and
you need some protection.

The situation is different for TW, since it is intended for personal
and interactive use, in which case there will be always user
supervision of what scripts get installed/executed. I think that this
is entirely sufficient and there is no need to disable anything. If
someone is stupid enough to run a random piece of code from a random
place, I'd say they get what they deserve. You cannot protect against
that anyway and introducing draconian security measures can only
cripple legitimate usage cases.

Cheers,

Tomek


More information about the texworks mailing list