Hi, Aditya:
So next time the Live is down, I can manually fix that :-)
I think that this is a serious security risk. Replacing luatools --generate with any unix command works. I can cat files in /etc directory, so os.exec effectively gives me read access to the entire server.
Is there a luatex flag which can limit what os.exec can do?
Without os.exec, it is not lua any more --- and moreover, many ConTeXt MKIV functions depend on that. As to the live, I think a patched Lua file (loslib.c) can solve this problem: remove the line {"execute", os_execute}, in the static const luaL_Reg syslib[]. Running a TeX server had been a very dangerous service since long ago (even before the appearance of luatex): You know in pdftex and xetex, there is also a register defined by the WEB2C (\write18) which enables the users to perform the similar tricks. Webadmins should turn off that feature to ensure safety. The libraries like XPDF which tex programs are linked to also have very serious security bugs. So all the binaries send to Live should have all these features turned off. Yue Wang