Yue Wang wrote: > Hi, Hans: > >> there are provisions in mkiv to turn off os.execute etc in a tex run; >> since we have mplib embedded, there is not much reason for os.execute >> anyway so i can consider a --secure switch for mtx-context > > not that helpful. users can still use io.open("/etc/xxx", "r") to > read files they want. > even if io.open is removed (impossible), we can still use \input /etc/xxx. > so a bsd jail(8)-like solution is indispensable.
that's the same for pdftex/xetex > btw, virtual machine is also a nice solution. Since each time it down, > reinstall a minimal operating system (like bsd base system) plus a > full working ConTeXt minimals won't take more than 3 minutes (1.5 > minute to reinstall the operating system, and 1.5 minute to rsync the > source). sure Hans ----------------------------------------------------------------- Hans Hagen | PRAGMA ADE Ridderstraat 27 | 8061 GH Hasselt | The Netherlands tel: 038 477 53 69 | fax: 038 477 53 74 | www.pragma-ade.com | www.pragma-pod.nl ----------------------------------------------------------------- ___________________________________________________________________________________ If your question is of interest to others as well, please add an entry to the Wiki! maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context webpage : http://www.pragma-ade.nl / http://tex.aanhet.net archive : https://foundry.supelec.fr/projects/contextrev/ wiki : http://contextgarden.net ___________________________________________________________________________________