Yue Wang wrote:
> Hi, Hans:
>
>> there are provisions in mkiv to turn off os.execute etc in a tex run;
>> since we have mplib embedded, there is not much reason for os.execute
>> anyway so i can consider a --secure switch for mtx-context
>
> not that helpful. users can still use io.open("/etc/xxx", "r") to
> read files they want.
> even if io.open is removed (impossible), we can still use \input /etc/xxx.
> so a bsd jail(8)-like solution is indispensable.
that's the same for pdftex/xetex
> btw, virtual machine is also a nice solution. Since each time it down,
> reinstall a minimal operating system (like bsd base system) plus a
> full working ConTeXt minimals won't take more than 3 minutes (1.5
> minute to reinstall the operating system, and 1.5 minute to rsync the
> source).
sure
Hans
-----------------------------------------------------------------
Hans Hagen | PRAGMA ADE
Ridderstraat 27 | 8061 GH Hasselt | The Netherlands
tel: 038 477 53 69 | fax: 038 477 53 74 | www.pragma-ade.com
| www.pragma-pod.nl
-----------------------------------------------------------------
___________________________________________________________________________________
If your question is of interest to others as well, please add an entry to the
Wiki!
maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage : http://www.pragma-ade.nl / http://tex.aanhet.net
archive : https://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___________________________________________________________________________________
