Loading local lua

Loading local lua

[William Lupton]

[-- Attachment #1: Type: text/plain, Size: 1866 bytes --]

Hello,

My lua filters and writers all do "local utils = require 'utils'" to load
utils.lua from my user data dir.

I recently upgraded from pandoc 2.11.4 (23 Jan) to 2.14.1 (18 Jul) and
therefore this stopped working, as discussed here:

   - Lua filter can not find lua package in data-dir
   <https://groups.google.com/g/pandoc-discuss/c/rMfK9i9ZdWs/m/GmsnnHNqAQAJ>
(predates
   pandoc 2.12)
   - Using require on Lua filter doesn't work anymore in Pandoc 2.12
   <https://groups.google.com/g/pandoc-discuss/c/1wmM9ZzP9pw/m/O3wns027AAAJ>

Following the advice in the second thread, I ended up setting LUA_PATH. I
preferred this solution because it didn't involve changing any source files.

My pandoc command used to be "pandoc --data-dir=$DATADIR ..." and is now
"LUA_PATH=$DATADIR/?.lua pandoc --data-dir=$DATADIR ..." so it seems to me
that I must be subverting the fix to any security problems that were fixed
by not searching the user data dir!

I'm wondering whether it might be possible to restore searching of the user
data dir, possibly with some restrictions to prevent things like overriding
pandoc.List. It would be really nice to be able to use a simple "require".

Thanks,
William

PS, Note that utils.lua isn't in the same directory as the filters or
writers. These are in $DATADIR/filters and $DATADIR/writers, whereas
utils.lua is in the parent $DATADIR. I'd be happy to put utils.lua in some
other $DATADIR sub-directory.

-- 
You received this message because you are subscribed to the Google Groups "pandoc-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit https://groups.google.com/d/msgid/pandoc-discuss/CAEe_xxhAWWYZO5C4sdwSEpRGiavcNg-6JzWvGjMtzOs5rFjDuw%40mail.gmail.com.

[-- Attachment #2: Type: text/html, Size: 2472 bytes --]

Re: Loading local lua

[BPJ]

[-- Attachment #1: Type: text/plain, Size: 3539 bytes --]

Wouldn't you have to do `LUA_PATH="$DATADIR/?.lua;$LUA_PATH"`? Also
LUA_PATH_5_3 overrides LUA_PATH if set.

To my understanding (although I am *not* an expert) the security problem
arises if you run filters not written or at least reviewed by you (or
someone you really trust) and/or your LUA_PATH gives access to similarly
untrustworthy code. Besides `require` is not the only thing you need to
look out for. `load` and `loadfile` and generally the `io` library and the
pandoc library's `pipe` are equally or more problematic regardless of what
is in LUA_PATH, and last I looked every filter has access to the datadir
location. There is never any substitute to knowing what's reachable from
code, and knowing what code does. Still most of us trust code repositories
like Luarocks and its equivalents to monitor for harmful code, but in
principle there is no substitute to reviewing code yourself.

Den tors 12 aug. 2021 10:44William Lupton <wlupton-QSt+ys/nuMyEUIsrzH9SikB+6BGkLq7r@public.gmane.org>
skrev:

> Hello,
>
> My lua filters and writers all do "local utils = require 'utils'" to load
> utils.lua from my user data dir.
>
> I recently upgraded from pandoc 2.11.4 (23 Jan) to 2.14.1 (18 Jul) and
> therefore this stopped working, as discussed here:
>
>    - Lua filter can not find lua package in data-dir
>    <https://groups.google.com/g/pandoc-discuss/c/rMfK9i9ZdWs/m/GmsnnHNqAQAJ> (predates
>    pandoc 2.12)
>    - Using require on Lua filter doesn't work anymore in Pandoc 2.12
>    <https://groups.google.com/g/pandoc-discuss/c/1wmM9ZzP9pw/m/O3wns027AAAJ>
>
> Following the advice in the second thread, I ended up setting LUA_PATH. I
> preferred this solution because it didn't involve changing any source files.
>
> My pandoc command used to be "pandoc --data-dir=$DATADIR ..." and is now
> "LUA_PATH=$DATADIR/?.lua pandoc --data-dir=$DATADIR ..." so it seems to me
> that I must be subverting the fix to any security problems that were fixed
> by not searching the user data dir!
>
> I'm wondering whether it might be possible to restore searching of
> the user data dir, possibly with some restrictions to prevent things like
> overriding pandoc.List. It would be really nice to be able to use a simple
> "require".
>
> Thanks,
> William
>
> PS, Note that utils.lua isn't in the same directory as the filters or
> writers. These are in $DATADIR/filters and $DATADIR/writers, whereas
> utils.lua is in the parent $DATADIR. I'd be happy to put utils.lua in some
> other $DATADIR sub-directory.
>
> --
> You received this message because you are subscribed to the Google Groups
> "pandoc-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/pandoc-discuss/CAEe_xxhAWWYZO5C4sdwSEpRGiavcNg-6JzWvGjMtzOs5rFjDuw%40mail.gmail.com
> <https://groups.google.com/d/msgid/pandoc-discuss/CAEe_xxhAWWYZO5C4sdwSEpRGiavcNg-6JzWvGjMtzOs5rFjDuw%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups "pandoc-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit https://groups.google.com/d/msgid/pandoc-discuss/CADAJKhAOStn6WUCQ2eNPGU%2BdZD9GETR8ktHJXzk00A%3Dzo0S1dQ%40mail.gmail.com.

[-- Attachment #2: Type: text/html, Size: 4705 bytes --]

Re: Loading local lua

[William Lupton]

[-- Attachment #1: Type: text/plain, Size: 5311 bytes --]

Thanks (I am _definitely_ not an expert!). I'm sure that I should do what
you suggest (and prefix the existing LUA_PATH) but in this specific case it
didn't seem to be necessary (note that I'm only setting LUA_PATH for this
specific pandoc invocation, actually via a 'make' rule; I'm not exporting
it). I didn't know about LUA_PATH_5_3, so I suppose I should have set it
instead (then I have to know that pandoc embeds lua 5.3 but I expect that I
need to know that anyway in order to write the filter in the first place).

My point about security is that by setting LUA_PATH I think I'm enabling
essentially the same "search $DATADIR" behaviour that has been removed.
Ideally I'd prefer not to have to mess with an environment variable. Yes I
could add code to every filter and writer to find and use $DATADIR, but I
was hoping not to have to do this!

I suppose my bottom line question is why it isn't OK to trust the $DATADIR
lua. After all, $DATADIR/filters and $DATADIR/writers are surely trusted?

On Thu, 12 Aug 2021 at 10:47, BPJ <bpj-J3H7GcXPSITLoDKTGw+V6w@public.gmane.org> wrote:

> Wouldn't you have to do `LUA_PATH="$DATADIR/?.lua;$LUA_PATH"`? Also
> LUA_PATH_5_3 overrides LUA_PATH if set.
>
> To my understanding (although I am *not* an expert) the security problem
> arises if you run filters not written or at least reviewed by you (or
> someone you really trust) and/or your LUA_PATH gives access to similarly
> untrustworthy code. Besides `require` is not the only thing you need to
> look out for. `load` and `loadfile` and generally the `io` library and the
> pandoc library's `pipe` are equally or more problematic regardless of what
> is in LUA_PATH, and last I looked every filter has access to the datadir
> location. There is never any substitute to knowing what's reachable from
> code, and knowing what code does. Still most of us trust code repositories
> like Luarocks and its equivalents to monitor for harmful code, but in
> principle there is no substitute to reviewing code yourself.
>
> Den tors 12 aug. 2021 10:44William Lupton <wlupton-QSt+ys/nuMyEUIsrzH9SikB+6BGkLq7r@public.gmane.org>
> skrev:
>
>> Hello,
>>
>> My lua filters and writers all do "local utils = require 'utils'" to load
>> utils.lua from my user data dir.
>>
>> I recently upgraded from pandoc 2.11.4 (23 Jan) to 2.14.1 (18 Jul) and
>> therefore this stopped working, as discussed here:
>>
>>    - Lua filter can not find lua package in data-dir
>>    <https://groups.google.com/g/pandoc-discuss/c/rMfK9i9ZdWs/m/GmsnnHNqAQAJ> (predates
>>    pandoc 2.12)
>>    - Using require on Lua filter doesn't work anymore in Pandoc 2.12
>>    <https://groups.google.com/g/pandoc-discuss/c/1wmM9ZzP9pw/m/O3wns027AAAJ>
>>
>> Following the advice in the second thread, I ended up setting LUA_PATH. I
>> preferred this solution because it didn't involve changing any source files.
>>
>> My pandoc command used to be "pandoc --data-dir=$DATADIR ..." and is now
>> "LUA_PATH=$DATADIR/?.lua pandoc --data-dir=$DATADIR ..." so it seems to me
>> that I must be subverting the fix to any security problems that were fixed
>> by not searching the user data dir!
>>
>> I'm wondering whether it might be possible to restore searching of
>> the user data dir, possibly with some restrictions to prevent things like
>> overriding pandoc.List. It would be really nice to be able to use a simple
>> "require".
>>
>> Thanks,
>> William
>>
>> PS, Note that utils.lua isn't in the same directory as the filters or
>> writers. These are in $DATADIR/filters and $DATADIR/writers, whereas
>> utils.lua is in the parent $DATADIR. I'd be happy to put utils.lua in some
>> other $DATADIR sub-directory.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "pandoc-discuss" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/pandoc-discuss/CAEe_xxhAWWYZO5C4sdwSEpRGiavcNg-6JzWvGjMtzOs5rFjDuw%40mail.gmail.com
>> <https://groups.google.com/d/msgid/pandoc-discuss/CAEe_xxhAWWYZO5C4sdwSEpRGiavcNg-6JzWvGjMtzOs5rFjDuw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "pandoc-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/pandoc-discuss/CADAJKhAOStn6WUCQ2eNPGU%2BdZD9GETR8ktHJXzk00A%3Dzo0S1dQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/pandoc-discuss/CADAJKhAOStn6WUCQ2eNPGU%2BdZD9GETR8ktHJXzk00A%3Dzo0S1dQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups "pandoc-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit https://groups.google.com/d/msgid/pandoc-discuss/CAEe_xxjLNvz4afJuwDhBqc0rnnQ%3Dh5_i3W3s_VPuQTSx0WfqqQ%40mail.gmail.com.

[-- Attachment #2: Type: text/html, Size: 7007 bytes --]

Re: Loading local lua

[BPJ]

[-- Attachment #1: Type: text/plain, Size: 6550 bytes --]

That's exactly my point. If *you* wrote all your filters and *you* wrote
all your datadir Lua there is no reason not to trust either. If you didn't
write it yourself restricting LUA_PATH means that a malicious filter can't
`require` stuff in your datadir, but if it knows the path to your datadir
it could poke around by other means. You have to look at the code you run
and check that it doesn't do anything bad.

Den tors 12 aug. 2021 13:23William Lupton <wlupton-QSt+ys/nuMyEUIsrzH9SikB+6BGkLq7r@public.gmane.org>
skrev:

> Thanks (I am _definitely_ not an expert!). I'm sure that I should do what
> you suggest (and prefix the existing LUA_PATH) but in this specific case it
> didn't seem to be necessary (note that I'm only setting LUA_PATH for this
> specific pandoc invocation, actually via a 'make' rule; I'm not exporting
> it). I didn't know about LUA_PATH_5_3, so I suppose I should have set it
> instead (then I have to know that pandoc embeds lua 5.3 but I expect that I
> need to know that anyway in order to write the filter in the first place).
>
> My point about security is that by setting LUA_PATH I think I'm enabling
> essentially the same "search $DATADIR" behaviour that has been removed.
> Ideally I'd prefer not to have to mess with an environment variable. Yes I
> could add code to every filter and writer to find and use $DATADIR, but I
> was hoping not to have to do this!
>
> I suppose my bottom line question is why it isn't OK to trust the $DATADIR
> lua. After all, $DATADIR/filters and $DATADIR/writers are surely trusted?
>
> On Thu, 12 Aug 2021 at 10:47, BPJ <bpj-J3H7GcXPSITLoDKTGw+V6w@public.gmane.org> wrote:
>
>> Wouldn't you have to do `LUA_PATH="$DATADIR/?.lua;$LUA_PATH"`? Also
>> LUA_PATH_5_3 overrides LUA_PATH if set.
>>
>> To my understanding (although I am *not* an expert) the security problem
>> arises if you run filters not written or at least reviewed by you (or
>> someone you really trust) and/or your LUA_PATH gives access to similarly
>> untrustworthy code. Besides `require` is not the only thing you need to
>> look out for. `load` and `loadfile` and generally the `io` library and the
>> pandoc library's `pipe` are equally or more problematic regardless of what
>> is in LUA_PATH, and last I looked every filter has access to the datadir
>> location. There is never any substitute to knowing what's reachable from
>> code, and knowing what code does. Still most of us trust code repositories
>> like Luarocks and its equivalents to monitor for harmful code, but in
>> principle there is no substitute to reviewing code yourself.
>>
>> Den tors 12 aug. 2021 10:44William Lupton <wlupton-QSt+ys/nuMyEUIsrzH9SikB+6BGkLq7r@public.gmane.org>
>> skrev:
>>
>>> Hello,
>>>
>>> My lua filters and writers all do "local utils = require 'utils'" to
>>> load utils.lua from my user data dir.
>>>
>>> I recently upgraded from pandoc 2.11.4 (23 Jan) to 2.14.1 (18 Jul) and
>>> therefore this stopped working, as discussed here:
>>>
>>>    - Lua filter can not find lua package in data-dir
>>>    <https://groups.google.com/g/pandoc-discuss/c/rMfK9i9ZdWs/m/GmsnnHNqAQAJ> (predates
>>>    pandoc 2.12)
>>>    - Using require on Lua filter doesn't work anymore in Pandoc 2.12
>>>    <https://groups.google.com/g/pandoc-discuss/c/1wmM9ZzP9pw/m/O3wns027AAAJ>
>>>
>>> Following the advice in the second thread, I ended up setting LUA_PATH.
>>> I preferred this solution because it didn't involve changing any source
>>> files.
>>>
>>> My pandoc command used to be "pandoc --data-dir=$DATADIR ..." and is now
>>> "LUA_PATH=$DATADIR/?.lua pandoc --data-dir=$DATADIR ..." so it seems to me
>>> that I must be subverting the fix to any security problems that were fixed
>>> by not searching the user data dir!
>>>
>>> I'm wondering whether it might be possible to restore searching of
>>> the user data dir, possibly with some restrictions to prevent things like
>>> overriding pandoc.List. It would be really nice to be able to use a simple
>>> "require".
>>>
>>> Thanks,
>>> William
>>>
>>> PS, Note that utils.lua isn't in the same directory as the filters or
>>> writers. These are in $DATADIR/filters and $DATADIR/writers, whereas
>>> utils.lua is in the parent $DATADIR. I'd be happy to put utils.lua in some
>>> other $DATADIR sub-directory.
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "pandoc-discuss" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/pandoc-discuss/CAEe_xxhAWWYZO5C4sdwSEpRGiavcNg-6JzWvGjMtzOs5rFjDuw%40mail.gmail.com
>>> <https://groups.google.com/d/msgid/pandoc-discuss/CAEe_xxhAWWYZO5C4sdwSEpRGiavcNg-6JzWvGjMtzOs5rFjDuw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "pandoc-discuss" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/pandoc-discuss/CADAJKhAOStn6WUCQ2eNPGU%2BdZD9GETR8ktHJXzk00A%3Dzo0S1dQ%40mail.gmail.com
>> <https://groups.google.com/d/msgid/pandoc-discuss/CADAJKhAOStn6WUCQ2eNPGU%2BdZD9GETR8ktHJXzk00A%3Dzo0S1dQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "pandoc-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/pandoc-discuss/CAEe_xxjLNvz4afJuwDhBqc0rnnQ%3Dh5_i3W3s_VPuQTSx0WfqqQ%40mail.gmail.com
> <https://groups.google.com/d/msgid/pandoc-discuss/CAEe_xxjLNvz4afJuwDhBqc0rnnQ%3Dh5_i3W3s_VPuQTSx0WfqqQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups "pandoc-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit https://groups.google.com/d/msgid/pandoc-discuss/CADAJKhBfbdHs74_HGSnfMzBNy6TD%3D%2BqC1k0MWG4_kh2Kfp-nzA%40mail.gmail.com.

[-- Attachment #2: Type: text/html, Size: 8706 bytes --]

Re: Loading local lua

[William Lupton]

[-- Attachment #1: Type: text/plain, Size: 7693 bytes --]

Thanks again.

Does anyone support restoring the ability to find lua in the user data dir
without the need for path manipulation? If so, I'd be happy to create an
issue (maybe I'll create one anyway).

(BTW I've changed to using LUA_PATH_5_3; I've also appended ;; so as to
prefix my user data dir to the existing path.)

On Thu, 12 Aug 2021 at 17:00, BPJ <bpj-J3H7GcXPSITLoDKTGw+V6w@public.gmane.org> wrote:

> That's exactly my point. If *you* wrote all your filters and *you* wrote
> all your datadir Lua there is no reason not to trust either. If you didn't
> write it yourself restricting LUA_PATH means that a malicious filter can't
> `require` stuff in your datadir, but if it knows the path to your datadir
> it could poke around by other means. You have to look at the code you run
> and check that it doesn't do anything bad.
>
> Den tors 12 aug. 2021 13:23William Lupton <wlupton-QSt+ys/nuMyEUIsrzH9SikB+6BGkLq7r@public.gmane.org>
> skrev:
>
>> Thanks (I am _definitely_ not an expert!). I'm sure that I should do what
>> you suggest (and prefix the existing LUA_PATH) but in this specific case it
>> didn't seem to be necessary (note that I'm only setting LUA_PATH for this
>> specific pandoc invocation, actually via a 'make' rule; I'm not exporting
>> it). I didn't know about LUA_PATH_5_3, so I suppose I should have set it
>> instead (then I have to know that pandoc embeds lua 5.3 but I expect that I
>> need to know that anyway in order to write the filter in the first place).
>>
>> My point about security is that by setting LUA_PATH I think I'm enabling
>> essentially the same "search $DATADIR" behaviour that has been removed.
>> Ideally I'd prefer not to have to mess with an environment variable. Yes I
>> could add code to every filter and writer to find and use $DATADIR, but I
>> was hoping not to have to do this!
>>
>> I suppose my bottom line question is why it isn't OK to trust the
>> $DATADIR lua. After all, $DATADIR/filters and $DATADIR/writers are surely
>> trusted?
>>
>> On Thu, 12 Aug 2021 at 10:47, BPJ <bpj-J3H7GcXPSITLoDKTGw+V6w@public.gmane.org> wrote:
>>
>>> Wouldn't you have to do `LUA_PATH="$DATADIR/?.lua;$LUA_PATH"`? Also
>>> LUA_PATH_5_3 overrides LUA_PATH if set.
>>>
>>> To my understanding (although I am *not* an expert) the security problem
>>> arises if you run filters not written or at least reviewed by you (or
>>> someone you really trust) and/or your LUA_PATH gives access to similarly
>>> untrustworthy code. Besides `require` is not the only thing you need to
>>> look out for. `load` and `loadfile` and generally the `io` library and the
>>> pandoc library's `pipe` are equally or more problematic regardless of what
>>> is in LUA_PATH, and last I looked every filter has access to the datadir
>>> location. There is never any substitute to knowing what's reachable from
>>> code, and knowing what code does. Still most of us trust code repositories
>>> like Luarocks and its equivalents to monitor for harmful code, but in
>>> principle there is no substitute to reviewing code yourself.
>>>
>>> Den tors 12 aug. 2021 10:44William Lupton <wlupton-QSt+ys/nuMyEUIsrzH9SikB+6BGkLq7r@public.gmane.org>
>>> skrev:
>>>
>>>> Hello,
>>>>
>>>> My lua filters and writers all do "local utils = require 'utils'" to
>>>> load utils.lua from my user data dir.
>>>>
>>>> I recently upgraded from pandoc 2.11.4 (23 Jan) to 2.14.1 (18 Jul) and
>>>> therefore this stopped working, as discussed here:
>>>>
>>>>    - Lua filter can not find lua package in data-dir
>>>>    <https://groups.google.com/g/pandoc-discuss/c/rMfK9i9ZdWs/m/GmsnnHNqAQAJ> (predates
>>>>    pandoc 2.12)
>>>>    - Using require on Lua filter doesn't work anymore in Pandoc 2.12
>>>>    <https://groups.google.com/g/pandoc-discuss/c/1wmM9ZzP9pw/m/O3wns027AAAJ>
>>>>
>>>> Following the advice in the second thread, I ended up setting LUA_PATH.
>>>> I preferred this solution because it didn't involve changing any source
>>>> files.
>>>>
>>>> My pandoc command used to be "pandoc --data-dir=$DATADIR ..." and is
>>>> now "LUA_PATH=$DATADIR/?.lua pandoc --data-dir=$DATADIR ..." so it seems to
>>>> me that I must be subverting the fix to any security problems that were
>>>> fixed by not searching the user data dir!
>>>>
>>>> I'm wondering whether it might be possible to restore searching of
>>>> the user data dir, possibly with some restrictions to prevent things like
>>>> overriding pandoc.List. It would be really nice to be able to use a simple
>>>> "require".
>>>>
>>>> Thanks,
>>>> William
>>>>
>>>> PS, Note that utils.lua isn't in the same directory as the filters or
>>>> writers. These are in $DATADIR/filters and $DATADIR/writers, whereas
>>>> utils.lua is in the parent $DATADIR. I'd be happy to put utils.lua in some
>>>> other $DATADIR sub-directory.
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "pandoc-discuss" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/pandoc-discuss/CAEe_xxhAWWYZO5C4sdwSEpRGiavcNg-6JzWvGjMtzOs5rFjDuw%40mail.gmail.com
>>>> <https://groups.google.com/d/msgid/pandoc-discuss/CAEe_xxhAWWYZO5C4sdwSEpRGiavcNg-6JzWvGjMtzOs5rFjDuw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "pandoc-discuss" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/pandoc-discuss/CADAJKhAOStn6WUCQ2eNPGU%2BdZD9GETR8ktHJXzk00A%3Dzo0S1dQ%40mail.gmail.com
>>> <https://groups.google.com/d/msgid/pandoc-discuss/CADAJKhAOStn6WUCQ2eNPGU%2BdZD9GETR8ktHJXzk00A%3Dzo0S1dQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "pandoc-discuss" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/pandoc-discuss/CAEe_xxjLNvz4afJuwDhBqc0rnnQ%3Dh5_i3W3s_VPuQTSx0WfqqQ%40mail.gmail.com
>> <https://groups.google.com/d/msgid/pandoc-discuss/CAEe_xxjLNvz4afJuwDhBqc0rnnQ%3Dh5_i3W3s_VPuQTSx0WfqqQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "pandoc-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/pandoc-discuss/CADAJKhBfbdHs74_HGSnfMzBNy6TD%3D%2BqC1k0MWG4_kh2Kfp-nzA%40mail.gmail.com
> <https://groups.google.com/d/msgid/pandoc-discuss/CADAJKhBfbdHs74_HGSnfMzBNy6TD%3D%2BqC1k0MWG4_kh2Kfp-nzA%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups "pandoc-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit https://groups.google.com/d/msgid/pandoc-discuss/CAEe_xxh4bHGws%3Dhh%3D9b4Oy0%3DOt1edG86KHWHp%2BnfOOGayM-EbA%40mail.gmail.com.

[-- Attachment #2: Type: text/html, Size: 10275 bytes --]