Peter Münster wrote:
> On Mon, Nov 10 2008, Yue Wang wrote:
>>> As to the live, I think a patched Lua file (loslib.c) can solve this 
>>> problem:
>>> remove the line
>>>  {"execute",   os_execute},
>>> in the static const luaL_Reg syslib[].
>>>
>> Moreover, if we do that, ConTeXt will not adapt to the "stripped down" 
>> LuaTeX.
>> For example, mtxrun.lua contains many functions which depend on
>> os.execute, and it even created some synonyms as well:
>>    if not os.exec  then os.exec  = os.execute end
>>    if not os.spawn then os.spawn = os.execute end
>> So, a simple line removal is not sufficient.
> 
> LuaTeX (and TeX/ConTeXt in general) is not compatible with security. The
> cache for example must be writable for everyone. In my opinion, the only
> options for live.contextgarden.net are:
> - just don't care, if there is a problem, restore from backup
> - chroot jail
> - virtual machine with virtual disk in non-persistent mode (at boot time
>   the disk is always a fresh installation)
> - perhaps some other ideas...
> 
> But adding security to LuaTeX seems to me too much work (a lot of
> exceptions, heavy security audit, problems with cache, problems with
> compatibility, and so on...).

There are provisions in mkiv to turn off os.execute etc. in a tex run; 
since we have mplib embedded, there is not much reason for os.execute 
anyway, so I can consider a --secure switch for mtx-context.

-----------------------------------------------------------------
                                           Hans Hagen | PRAGMA ADE
               Ridderstraat 27 | 8061 GH Hasselt | The Netherlands
      tel: 038 477 53 69 | fax: 038 477 53 74 | www.pragma-ade.com
                                              | www.pragma-pod.nl
-----------------------------------------------------------------
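
An added example, not part of the original messages and not ConTeXt or LuaTeX code: it shows why deleting the `execute` entry breaks the quoted mtxrun.lua aliases, and why a replacement stub only covers `os.exec` and `os.spawn` when it is installed before those aliases are created. The `oslib` table is a constructed stand-in for Lua's `os` library so that nothing is actually executed, and all helper names are hypothetical.

```lua
-- Constructed stand-in for the os library: 'execute' only records the command.
local function new_oslib()
  local lib = { ran = {} }
  lib.execute = function(cmd) lib.ran[#lib.ran + 1] = cmd; return 0 end
  return lib
end

-- The two alias lines quoted from mtxrun.lua, applied to a given table.
local function install_aliases(lib)
  if not lib.exec  then lib.exec  = lib.execute end
  if not lib.spawn then lib.spawn = lib.execute end
end

-- Hypothetical replacement: refuse the call instead of leaving the name undefined.
local function disabled(cmd)
  return nil, "command execution disabled"
end

-- Case 1: the entry is removed (as when deleting it from syslib[]).
-- The aliases copy nil, so every caller of os.spawn/os.exec hits a nil call.
local a = new_oslib()
a.execute = nil
install_aliases(a)
print("1 stripped  :", pcall(function() return a.spawn("true") end))

-- Case 2: the stub is installed after the aliases exist.
-- The aliases hold a reference to the original function and bypass the stub.
local b = new_oslib()
install_aliases(b)
b.execute = disabled
b.exec("true")
print("2 late stub : commands that still ran =", #b.ran)

-- Case 3: the stub is installed before the aliases are created.
-- All three names now refuse, and existing callers keep working.
local c = new_oslib()
c.execute = disabled
install_aliases(c)
for _, name in ipairs({ "execute", "exec", "spawn" }) do
  print("3 early stub:", name, c[name]("true"))
end
print("3 early stub: commands that ran =", #c.ran)
```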