On 01/28/2013 11:23 PM, Stephan Hennig wrote:
Am 27.01.2013 11:37, schrieb Taco Hoekwater:
The extra slowness on linux is as expected: texlua has some extra
code in io that is needed for 'luatex' mode,
While reading your answer, I immediately thought that 'luatex' mode must
have something to do with sanitizing the argument to popen. But I'm
indeed able to remove arbitrary files in the files system by saying
io.popen('rm -f whatever')
Shouldn't popen in luatex/texlua be kept from executing arbitrary
commands similar to the \write18 feature?
On my system,
\directlua { assert(io.popen('rm -f whatever')) }
produces:
! LuaTeX error [string "\directlua "]:1: Command execution disabled
via shell_escape='p'
as it should.
This is LuaTeX, Version beta-0.75.0-2013010711 (rev 4532) (INITEX)
Best wishes,
Taco
