From: Julien Dutant
Newsgroups: gmane.text.pandoc
Subject: Lua filter security: safe mode?
Date: Tue, 10 May 2022 06:45:05 -0700 (PDT)
Message-ID: <13cd1f3a-bc26-49cf-a7df-ec8d56fcf05an@googlegroups.com>
To: pandoc-discuss
Hi all,

As discussed a while ago on https://github.com/pandoc/lua-filters/issues/207#issuecomment-1067959808 and said in Pandoc's manual, running Lua filters downloaded from the internet is a security risk, as Pandoc is run with full privileges.

But doesn't all the risk come only from Lua's `os` module (and perhaps io?), which few filters actually use? If so, would it be possible for Pandoc to run Lua filters without this module, providing an alternative flag (something like --lua-filter-safe) to run a filter safely?

J

To view this discussion on the web visit https://groups.google.com/d/msgid/pandoc-discuss/13cd1f3a-bc26-49cf-a7df-ec8d56fcf05an%40googlegroups.com.
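One way to build the kind of "safe mode" asked about above at the Lua level, as an added example that is not pandoc's code and not something the thread proposes: load the filter with a whitelisted `_ENV`, so `os` and `io` are simply absent. It also withholds `require`, `package`, `load`, `loadfile`, `dofile` and `debug`, which reach the filesystem or native code just as readily, and it assumes Lua 5.3+ and a stand-in `pandoc` table (the `pipe`, `system` and `mediabag` names it removes are assumed to match the targeted pandoc version).

```lua
-- Added example, not pandoc's code: load a filter with a whitelisted _ENV so
-- modules that reach outside the interpreter are absent rather than disabled.
-- Assumes Lua 5.3+ (load with an env argument) and a `pandoc` table to expose.

local function shallow_copy(t)
  local c = {}
  for k, v in pairs(t) do c[k] = v end
  return c
end

-- Whitelist: pure-computation builtins plus copies of the string/table/math
-- libraries (copies, so a filter cannot patch them for the host). Deliberately
-- absent: os, io, require, package, load, loadfile, dofile, debug,
-- rawget/rawset, getmetatable/setmetatable, collectgarbage.
local function make_sandbox_env(pandoc_api)
  local env = {
    assert = assert, error = error, ipairs = ipairs, next = next,
    pairs = pairs, pcall = pcall, select = select, tonumber = tonumber,
    tostring = tostring, type = type, print = print,
    string = shallow_copy(string), table = shallow_copy(table),
    math = shallow_copy(math), utf8 = shallow_copy(utf8),
  }
  env._G = env
  -- Expose the document API minus the entry points that spawn processes or
  -- touch files (assumption: pipe/system/mediabag are the relevant names).
  local api = shallow_copy(pandoc_api)
  api.pipe, api.system, api.mediabag = nil, nil, nil
  env.pandoc = api
  return env
end

-- Mode "t" refuses precompiled bytecode; env becomes the chunk's _ENV.
-- Returns the filter table (returned explicitly, or the globals the filter
-- defined), or nil plus an error message.
local function load_filter_sandboxed(src, name, pandoc_api)
  local env = make_sandbox_env(pandoc_api)
  local chunk, err = load(src, "=" .. name, "t", env)
  if not chunk then return nil, err end
  local ok, result = pcall(chunk)
  if not ok then return nil, result end
  return result or env
end

-- Constructed inputs: a benign filter and one that reaches for os.execute.
local benign  = "return { Str = function(el) return pandoc.Str(el.text:upper()) end }"
local hostile = "os.execute('id')"
local fake_pandoc = { Str = function(s) return { t = "Str", text = s } end } -- stand-in

local filter = assert(load_filter_sandboxed(benign, "benign.lua", fake_pandoc))
assert(filter.Str({ text = "abc" }).text == "ABC")
local res, err = load_filter_sandboxed(hostile, "hostile.lua", fake_pandoc)
assert(res == nil and err:find("global 'os'", 1, true)) -- os is simply nil
print("benign filter ran; hostile filter failed with: " .. err)
```

An environment whitelist stops ordinary filters from calling into the OS but is not a process boundary: it does nothing against interpreter bugs or against whatever the exposed `pandoc` functions can still reach, so a filter of unknown origin still belongs under a separate unprivileged user or in a container.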