On 10/20/2019 10:15 PM, Marcin Borkowski wrote:
Maybe Lua is, but every scriptable program is a risk. LuaTeX and write18 _are_ dangerous. It would be very easy to spread malicious TeX code, since everyone uses CTAN (LaTeX) packages without checking them first. But it wouldn’t come far, I guess, for it needs a while for a package to become known and in wide use, and that still means only in a subset of the (La)TeX community, where there are enough expert hackers who would find this malicious code.
Assuming that they would search for it. I'm less of an optimist here. no problem getting a hit on a search
https://www.usenix.org/system/files/login/articles/73506-checkoway.pdf ----------------------------------------------------------------- Hans Hagen | PRAGMA ADE Ridderstraat 27 | 8061 GH Hasselt | The Netherlands tel: 038 477 53 69 | www.pragma-ade.nl | www.pragma-pod.nl -----------------------------------------------------------------