Yue Wang wrote:
Hi, Hans:
there are provisions in mkiv to turn off os.execute etc in a tex run; since we have mplib embedded, there is not much reason for os.execute anyway so i can consider a --secure switch for mtx-context
not that helpful. users can still use io.open("/etc/xxx", "r") to read files they want. even if io.open is removed (impossible), we can still use \input /etc/xxx. so a bsd jail(8)-like solution is indispensable.
that's the same for pdftex/xetex
btw, virtual machine is also a nice solution. Since each time it down, reinstall a minimal operating system (like bsd base system) plus a full working ConTeXt minimals won't take more than 3 minutes (1.5 minute to reinstall the operating system, and 1.5 minute to rsync the source).
sure Hans ----------------------------------------------------------------- Hans Hagen | PRAGMA ADE Ridderstraat 27 | 8061 GH Hasselt | The Netherlands tel: 038 477 53 69 | fax: 038 477 53 74 | www.pragma-ade.com | www.pragma-pod.nl -----------------------------------------------------------------