LATEX-L Archives

Mailing list for the LaTeX3 project

LATEX-L@LISTSERV.UNI-HEIDELBERG.DE

Sender: Mailing list for the LaTeX3 project <[log in to unmask]>
Date: Fri, 24 Aug 2018 18:10:46 +0100
Reply-To: Mailing list for the LaTeX3 project <[log in to unmask]>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="000000000000eb3e690574317405"
From: Jonathan Fine <[log in to unmask]>
Parts/Attachments: text/plain (846 bytes), text/html (1519 bytes)

Hi Joseph

Thank you for your email on l3sys-shell. You wrote:

> There are two broad questions we have. First, how do people feel about
> these concepts? We can see that there may be some security concerns, hence
> not adding directly to the expl3 core. However, as one has to be running
> with unrestricted shell escape anyway, we are not sure if providing macro
> wrappers makes these worse:


I'm not a security expert. Are you, Joseph? In any case, I've asked your
question on Stack Exchange, and put a code review comment on GitHub. Here
are the URLs:

   - https://security.stackexchange.com/questions/192249/concerns-about-latex-3-shell-escape-code
   - https://github.com/latex3/latex3/commit/7b62e64dde239f9cb6ae0f08400c0b5ccde815d8#diff-09def3f98d60fce78fbcc00e77c65795R3093

I hope you'll get a useful response from a security expert.

best regards

Jonathan

