Peter Münster wrote:
On Mon, Nov 10 2008, Yue Wang wrote:
As to the live, I think a patched Lua file (loslib.c) can solve this problem: remove the line {"execute", os_execute}, in the static const luaL_Reg syslib[].
Moreover, if we do that, ConTeXt will not adapt to the "stripped down" LuaTeX. For example, mtxrun.lua contains many functions which depend on os.execute, and it even created some synonames as well: if not os.exec then os.exec = os.execute end if not os.spawn then os.spawn = os.execute end So, a simple line removal is not sufficient.
LuaTeX (and TeX/ConTeXt in general) is not compatible with security. The cache for example must be writable for everyone. In my opinion, the only options for live.contextgarden.net are: - just don't care, if there is a problem, restore from backup - chroot jail - virtual machine with virtual disk in non-persistent mode (at boot time the disk is always a fresh installation) - perhaps some other ideas...
But adding security to LuaTeX seems to me too much work (a lot of exceptions, heavy security audit, problems with cache, problems with compatibility, and so on...).
there are provisions in mkiv to turn off os.execute etc in a tex run; since we have mplib embedded, there is not much reason for os.execute anyway so i can consider a --secure switch for mtx-context ----------------------------------------------------------------- Hans Hagen | PRAGMA ADE Ridderstraat 27 | 8061 GH Hasselt | The Netherlands tel: 038 477 53 69 | fax: 038 477 53 74 | www.pragma-ade.com | www.pragma-pod.nl -----------------------------------------------------------------