> There are already experiments with luatex and harfbuzz:
> https://github.com/michal-h21/luatex-harfbuzz-shaper
> https://github.com/michal-h21/luatex-harfbuzz-shaper/blob/master/examples/scripts.pdf

Right, and it needs to load harfbuzz.so... I think it's an interesting experiment and I think it would be a pity if there was no way for it to be simply available and usable with TeXLive default settings...

> The solution is to educate users. All security problems stem from
> hiding important knowledge, offering security settings in a not
> understandable way and pretending false security. If you offer an easy
> access to potentially vulnerable or malicious libraries to uneducated
> users, you are doing a disservice. For uneducated users a reduced but
> safe system is more valuable than a potentially vulnerable system.
> Those who need higher functionality should understand the risk and
> should be educated.

I agree with all this, but security is really not important for most users (otherwise they wouldn't use Windows), so I think there is a kind of balance to find...

Anyway, I'd be in favor of something like:

- a setting in texmf.cnf called luatex_so_loading, with values "n" (none), "r" (restricted) or "a" (all).
- restricted mode would only allow loading of xxx.so where xxx is in another texmf.cnf setting called luatex_so_authorized, containing for instance "harfbuzz" and "lualatex-platform", as these seem harmless...
- in all cases, I think "." should be removed from CLUAINPUTS (as it induces security issues: if a script is allowed to write in current directory by openout_any, it can write a .so file, load it, and override openout_any settings)

With this setting available and "r" by default, the average user can use a few safe libraries that will be useful in many cases (harfbuzz, lualatex-platform, etc.), and people can make the security level higher or lower according to their sensibility...

What do you think?

Thank you,
--
Elie
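
An added illustration of the check proposed in the message above; it is not part of the original post and is not LuaTeX code. The setting names luatex_so_loading and luatex_so_authorized come from the proposal, while the comma-separated list, the already-expanded colon-separated search path and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Proposed luatex_so_loading policy: mode is 'n' (none), 'r' (restricted)
   or 'a' (all). authorized stands for luatex_so_authorized, assumed here
   to be comma-separated. file is the requested name, e.g. "harfbuzz.so".
   Returns 1 to allow the load, 0 to refuse it. */
int so_load_allowed(char mode, const char *authorized, const char *file)
{
    if (mode == 'a') return 1;
    if (mode != 'r') return 0;          /* 'n' and unknown values deny */

    /* Restricted mode accepts a bare "xxx.so" only, never a path. */
    if (strchr(file, '/') || strchr(file, '\\')) return 0;
    size_t flen = strlen(file);
    if (flen <= 3 || strcmp(file + flen - 3, ".so") != 0) return 0;
    size_t stem = flen - 3;

    /* The stem must equal a list entry exactly (no prefix matches). */
    for (const char *p = authorized; *p; ) {
        size_t n = strcspn(p, ",");
        if (n == stem && strncmp(p, file, n) == 0) return 1;
        p += n;
        if (*p == ',') p++;
    }
    return 0;
}

/* The name check is only as good as the search path: if CLUAINPUTS has
   an element in the current directory, a document allowed to write there
   could supply its own "harfbuzz.so". Returns 1 if such an element
   ("." or "./...") is present in the expanded path. */
int path_has_cwd(const char *path)
{
    for (const char *p = path; ; ) {
        size_t n = strcspn(p, ":");
        if ((n == 1 && p[0] == '.') || (n >= 2 && p[0] == '.' && p[1] == '/'))
            return 1;
        if (p[n] == '\0') return 0;
        p += n + 1;
    }
}

int main(void)
{
    const char *list = "harfbuzz,lualatex-platform";  /* constructed sample */
    printf("harfbuzz.so: %d\n", so_load_allowed('r', list, "harfbuzz.so"));
    printf("evil.so:     %d\n", so_load_allowed('r', list, "evil.so"));
    printf("cwd in path: %d\n", path_has_cwd(".:/usr/lib/lua"));
    return 0;
}
```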
