From: Hans Hagen <pragma@wxs.nl>
To: mailing list for ConTeXt users <ntg-context@ntg.nl>
Subject: Re: ConTeXt Live not working
Date: Mon, 10 Nov 2008 10:46:33 +0100 [thread overview]
Message-ID: <491802F9.7070608@wxs.nl> (raw)
In-Reply-To: <20081110082614.GA32172@gaston.couberia.bzh>
Peter Münster wrote:
> On Mon, Nov 10 2008, Yue Wang wrote:
>>> As to the live, I think a patched Lua file (loslib.c) can solve this problem:
>>> remove the line
>>> {"execute", os_execute},
>>> in the static const luaL_Reg syslib[].
>>>
>> Moreover, if we do that, ConTeXt will not adapt to the "stripped down" LuaTeX.
>> For example, mtxrun.lua contains many functions which depend on
>> os.execute, and it even created some synonames as well:
>> if not os.exec then os.exec = os.execute end
>> if not os.spawn then os.spawn = os.execute end
>> So, a simple line removal is not sufficient.
>
> LuaTeX (and TeX/ConTeXt in general) is not compatible with security. The
> cache for example must be writable for everyone. In my opinion, the only
> options for live.contextgarden.net are:
> - just don't care, if there is a problem, restore from backup
> - chroot jail
> - virtual machine with virtual disk in non-persistent mode (at boot time
> the disk is always a fresh installation)
> - perhaps some other ideas...
>
> But adding security to LuaTeX seems to me too much work (a lot of
> exceptions, heavy security audit, problems with cache, problems with
> compatibility, and so on...).
there are provisions in mkiv to turn off os.execute etc in a tex run;
since we have mplib embedded, there is not much reason for os.execute
anyway so i can consider a --secure switch for mtx-context
-----------------------------------------------------------------
Hans Hagen | PRAGMA ADE
Ridderstraat 27 | 8061 GH Hasselt | The Netherlands
tel: 038 477 53 69 | fax: 038 477 53 74 | www.pragma-ade.com
| www.pragma-pod.nl
-----------------------------------------------------------------
___________________________________________________________________________________
If your question is of interest to others as well, please add an entry to the Wiki!
maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage : http://www.pragma-ade.nl / http://tex.aanhet.net
archive : https://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___________________________________________________________________________________
next prev parent reply other threads:[~2008-11-10 9:46 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-09 11:35 Pablo Rodríguez
2008-11-09 12:24 ` Yue Wang
2008-11-09 17:15 ` Pablo Rodríguez
2008-11-10 5:08 ` Yue Wang
2008-11-10 5:11 ` Yue Wang
2008-11-10 5:47 ` Aditya Mahajan
2008-11-10 6:57 ` Yue Wang
2008-11-10 7:10 ` Yue Wang
2008-11-10 8:26 ` Peter Münster
2008-11-10 9:46 ` Yue Wang
2008-11-10 22:09 ` Diego Depaoli
2008-11-10 9:46 ` Hans Hagen [this message]
2008-11-10 10:12 ` Yue Wang
2008-11-10 10:38 ` Hans Hagen
2008-11-10 21:32 ` Patrick Gundlach
2008-11-10 9:51 ` Taco Hoekwater
2008-11-10 21:30 ` Patrick Gundlach
2008-11-09 12:32 ` Peter Münster
2008-11-09 17:18 ` Pablo Rodríguez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=491802F9.7070608@wxs.nl \
--to=pragma@wxs.nl \
--cc=ntg-context@ntg.nl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).