LISTSERV - LATEX-L Archives - LISTSERV.UNI-HEIDELBERG.DE

LATEX-L Archives

Mailing list for the LaTeX3 project

LATEX-L@LISTSERV.UNI-HEIDELBERG.DE

	LISTSERV Archives
	LATEX-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show HTML Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: System shell functions
From:	Peter Wilson <[log in to unmask]>
Reply To:	Mailing list for the LaTeX3 project <[log in to unmask]>
Date:	Sat, 25 Aug 2018 21:24:34 +0100
Content-Type:	multipart/alternative
Parts/Attachments:	text/plain (1032 bytes) , text/html (2739 bytes)

Jonathon,

You might have had more responses if you had posted to 
https://tex.stackechange.com

Peter W.


On 24/08/18 18:10, Jonathan Fine wrote:
> Hi Joseph
>
> Thank you for your email on l3sys-shell. You wrote:
>
>     There are two broad questions we have. First, how do people feel
>     about these concepts? We can see that there may be some security
>     concerns, hence not adding directly to the expl3 core. However, as
>     one has to be running with unrestricted shell escape anyway, we
>     are not sure if providing macro wrappers makes these worse: 
>
>
> I'm not a security expert. Are you, Joseph? In any case, I've asked 
> your question on stack exchange, and put a code review comment on 
> github. Here's the URLs
>
>   * https://security.stackexchange.com/questions/192249/concerns-about-latex-3-shell-escape-code
>   * https://github.com/latex3/latex3/commit/7b62e64dde239f9cb6ae0f08400c0b5ccde815d8#diff-09def3f98d60fce78fbcc00e77c65795R3093
>
> I hope you'll get a useful response from a security expert.
>
> best regards
>
> Jonathan

ATOM RSS1 RSS2

LISTSERV.UNI-HEIDELBERG.DE
Universität Heidelberg \| Impressum \| Datenschutzerklärung