Hi Joseph

Thank you for your prompt response. You wrote

> Once one allows unrestricted shell escape, all bets are off in terms of what
> an arbitrary package can do.

Your implication is that "restricted shell escape" both
  1. reduces what an arbitrary package can do
  2. improves security
Please provide some evidence for (1), by, for example, providing references to the source code and tests.

For (2), this also needs to be argued. Suppose software item AAA-SECURE is not, in fact, secure. Then AAA-SECURE is already a security risk, because its name allows a social engineering exploit, which perhaps can then be leveraged.

By the way, the usual meaning of "restricted shell escape" is as in https://en.wikipedia.org/wiki/Restricted_shell. This page tells us: The restricted shell is not secure.

The TeX/LaTeX community has a different meaning for "restricted shell escape". As you are using the term in this new way, please would you provide a definition.

Please also would you discuss: http://tex-live.tug.narkive.com/1iD2CkdT/security-issues-for-restricted-shell-escape.

with best regards

Jonathan