Content-Type: |
text/plain; charset=utf-8; format=flowed |
Date: |
Fri, 24 Aug 2018 11:34:27 +0100 |
Reply-To: |
|
Subject: |
|
MIME-Version: |
1.0 |
Message-ID: |
|
Content-Transfer-Encoding: |
7bit |
Sender: |
|
From: |
|
Parts/Attachments: |
|
|
Hello all,
Following some discussion at TUG2018, the team have added an
experimental package, l3sys-shell, to the l3experimental bundle.
This package provides platform-agnostic interfaces to common file/system
operations, for example file copying. These only work if shell escape is
enabled: they will be blocked by the TeX system otherwise but in any
case are set up as macro-level no-ops.
There are two broad questions we have. First, how do people feel about
these concepts? We can see that there may be some security concerns,
hence not adding directly to the expl3 core. However, as one has to be
running with unrestricted shell escape anyway, we are not sure if
providing macro wrappers makes these worse: a suitably-motivated person
could after all write their own malicious code in this area. How do
people see this? (Note that existing packages already set up their own
file copying/deletion/etc.)
The second is more tightly focussed on the two (relatively) 'safe'
operations, getting the absolute path of the working directory, and
listing all files in a given directory. Both of these could be done
without unrestricted shell escape given a suitable 'wrapper' layer.
Would this be worth pursuing?
Joseph
|
|
|