[texworks] Lua scripting

Jérome Laurens jerome.laurens at u-bourgogne.fr
Sun Jun 14 00:11:40 CEST 2009 

Le 13 juin 09 à 22:26, Reinhard Kotucha a écrit :

> On 11 June 2009 T T wrote:
>
>> On 11/06/2009, Hans Hagen <pragma at wxs.nl> wrote:
>>> Stefan Löffler wrote:
>>>
>>>> Any opinions about this?
>>>
>>> you can add an option to the configuration file ("safer=true") or  
>>> maybe
>>> listen to an environment variable and if not set just permit all  
>>> functions
>>>
>>> if someone wants to abuse texworks to wipe someones disk, first of  
>>> all
>>> the script has to come from an non tex related place, and users  
>>> hav eto
>>> install it, and second, the fact that one can run a program
>>> (typesetting) already means that one can add a disk wiper
>>
>> I agree. Let's not go overboard with those security issues. Note that
>> the situation with LuaTeX is somewhat different. You can run it
>> somewhere on a server and typeset whatever comes your way. In that
>> scenario you cannot assume that all documents/scripts are harmless  
>> and
>> you need some protection.
>>
>> The situation is different for TW, since it is intended for personal
>> and interactive use, in which case there will be always user
>> supervision of what scripts get installed/executed. I think that this
>> is entirely sufficient and there is no need to disable anything. If
>> someone is stupid enough to run a random piece of code from a random
>> place, I'd say they get what they deserve. You cannot protect against
>> that anyway and introducing draconian security measures can only
>> cripple legitimate usage cases.
>
> Tomek, thank you very much for this mail.  What you say is exactly
> what I think.  There should't be any restrictions.
>
> Regards,
> Reinhard

Things are not that simple.

TeXWorks natural audience is the beginner in TeX, and most probably in  
scripting too.
You cannot ask a user  to supervise the script management when he is  
just learning what -is- a script.

There are more or less simple ways to distinguish trusted from  
untrusted scripts.

The most important thing is to choose a design that will authorize a  
forthcoming safety policy.

--JL

More information about the texworks mailing list