Return-Path: Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) by h2774747.stratoserver.net (8.15.2/8.15.2/Debian-3) with ESMTP id w7OJkm33032395 for ; Fri, 24 Aug 2018 21:46:50 +0200 Received: from relay.uni-heidelberg.de ([129.206.100.212]) by mx-ha.gmx.net (mxgmx117 [212.227.17.5]) with ESMTPS (Nemesis) id 1N6teh-1ft5Aa0yfX-0183s8 for ; Fri, 24 Aug 2018 21:46:43 +0200 Received: from listserv.uni-heidelberg.de (listserv.uni-heidelberg.de [129.206.100.94]) by relay.uni-heidelberg.de (8.15.2/8.15.2) with ESMTP id w7OJkhYA022084; Fri, 24 Aug 2018 21:46:43 +0200 Received: from listserv (localhost [127.0.0.1]) by listserv.uni-heidelberg.de (Postfix) with ESMTP id C4A57127695; Fri, 24 Aug 2018 21:46:35 +0200 (CEST) Received: by LISTSERV.UNI-HEIDELBERG.DE (LISTSERV-TCP/IP release 16.0) with spool id 29077488 for LATEX-L@LISTSERV.UNI-HEIDELBERG.DE; Fri, 24 Aug 2018 21:46:35 +0200 Delivered-To: LATEX-L@listserv.uni-heidelberg.de Received: from relay.uni-heidelberg.de (relay.uni-heidelberg.de [129.206.100.212]) by listserv.uni-heidelberg.de (Postfix) with ESMTP id A3DC8125CBA for ; Fri, 24 Aug 2018 21:46:35 +0200 (CEST) Received: from mail-yw1-f43.google.com (mail-yw1-f43.google.com [209.85.161.43]) by relay.uni-heidelberg.de (8.15.2/8.15.2) with ESMTPS id w7OJkTx1022017 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Fri, 24 Aug 2018 21:46:32 +0200 Received: by mail-yw1-f43.google.com with SMTP id p206-v6so3499718ywg.12 for ; Fri, 24 Aug 2018 12:46:32 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=2qHuHl8DK2KyWj0VhfnELczzN5nRJZ2+uV1RIzQzYJI=; b=ExdtHrdOwSvZWi3QJRIUBI/JtqCX4WiqwqUTG8JSKK2EEcS0+ZgEaETCWf9uw87aM7 7+Gv7W3nVdackIOuhDzn98uvUyIpzvASTl2TKeJsF0PbrZmkiQLW/56KCRiGAaP9HR1I bcBU6aRxiCRa4pqxHHf21OwhCuisGHVdoLu7gpTZkroVaIMxQm5b2/NrbujLLgFnyvAI djhjvZpPvhahGW0OeNbF41FuKaxpQBMvI2SKOmAoqKI/TXbFxah1GJkZJYy+8+YNyMlP p56OFZbsz2KsKQxPM82MfU9r/6RRkMtEz75Tiz3/D6jDYD+3RUwDa1pLyw/oyuLFY5Mv 8yUA== X-Gm-Message-State: APzg51Aah/Yd6nKLMc8TcXxKOhd06n1yPekN87Ab/uwO+qo89RiYTshn zeB22+A0KvnKl6//Ea3xHw+xSALJyWxRRs5eK+kHhaZv X-Google-Smtp-Source: ANB0VdYJ2ui12L9iLeI+DLINs9KDUxoM4LI4juEuRHlMvTW2Uoy8rpcPRXWQ7tFOUSyeEuDJ9H1/wmNoIIC/Z6KFIPs= X-Received: by 2002:a81:6fd6:: with SMTP id k205-v6mr1890265ywc.226.1535139988734; Fri, 24 Aug 2018 12:46:28 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a81:7784:0:0:0:0:0 with HTTP; Fri, 24 Aug 2018 12:46:27 -0700 (PDT) References: <7aac3298-e217-7dfe-6787-ad1b69f43fc4@morningstar2.co.uk> <44b7823e-d23a-6662-d777-f3b30ac4b2b5@morningstar2.co.uk> Content-Type: multipart/alternative; boundary="000000000000b58834057433a142" Message-ID: Date: Fri, 24 Aug 2018 20:46:27 +0100 Reply-To: Mailing list for the LaTeX3 project Sender: Mailing list for the LaTeX3 project From: Jonathan Fine Subject: Re: System shell functions To: LATEX-L@LISTSERV.UNI-HEIDELBERG.DE In-Reply-To: <44b7823e-d23a-6662-d777-f3b30ac4b2b5@morningstar2.co.uk> Precedence: list List-Help: , List-Unsubscribe: List-Subscribe: List-Owner: List-Archive: Envelope-To: X-GMX-Antispam: 0 (Mail was not recognized as spam); Detail=V3; X-UI-Filterresults: notjunk:1;V01:K0:HYnZV79GTo8=:iY767CZ9o4TcOQfHWVmM9QCqfH B5hnVge8I1XYTRV5bEXBFQ6yCUrVDuWcABPPI0jHOcUC7JNHKTq4anol66qCqbI7xgddf0m3e gI8a3U9Kji8kFVXXXbaTF0vygKNHTGTEJ39fJlvmgfiae6kF1ry1fGwWEAYDzWCkZ3pTuQ+1b VK0o/SOP+rGu61xwSSp8luBO0OOVtPh6r6JcB6cNU2X2RNu6tCWR1Zzn5vXwJIVMauWSWIe2h KRSpOOMMBp7zhmez1AXo2J1fvsUxJnieXG82A7k8bI9FIqnOxRyOZ9lPLf8Xdvo70fUJWDdH/ saMjKWLe8COjU3hXuPLMuE82OisYckLtuN4ZwHDSvPtrEO1E9Ht/wqeurdewn+z/F1HEh2l+c oOlIWVVUodORWdp6gaczDPwWjg5BRpWNP627dx705AF8w1B22Al1+/uzl1EjLJa9pKs6pjVux EOvitKHrbB6w7cEkrNgPr8OMIJO0Q6G34zxRhNdpj6RUiZQFyI0Cle8Ep6h1bDDQXSpx9YbFI E+aVD3D2+C0UvV+8xErjwavrUdiebnKln3ZL8HYRh4D2hFmUldrqpfMmg2MSyKSKWv0MQ7M24 b+DERuvX2amvLYX4k+dfkCwRq5Tzpa/lgcDPmY3FXskUW/iwUQB/qFsO8Yorb/PTXfr0MF/XN D7M3BhtUCulIaLSJbjdul4ozNsGlCwkEEaYMsmo0XL43sUa2rO6oz7Vyb4s+v8FbmAcjDOjCT TJ20XFQZSVLK34ed4ZyR5xa6hrqzCAMjrZaisYx69tKzrr+MjmM1idgS7OgaL0GGQa2ysgvw4 RjsplFnLiDofY5IKI4G/uUUvlnqqbVCw9Fhyj9WL/8pCty4IVcwYJCR8XSMEedxr/W0XlzLIh CYn7Kn3D6vKx2EICBtoa3Lvz7ICUAcYh9BxVBWdcMV7k7xPnPfy4wzLqR3gGIhC4war9vordV IK/+2CdRsHIeOKU5jc9bJouGPu1X7LPLSDj9XcJVCm1FtzViD/tDlt7ZghYJbxX/dUwQltk/E ngBXOcKIGjhaaSAVOj88HhBjlbonIZoX8hD3o9B1B+9tgNrlYtPJQciF/75HPCqzbAa/MP40B /TjYAWvb37HfE2wQeDqxeJ7msT8Wed/DhifF1iN1n6vMrvwwtmhKggVsf5nt1F1bqKbly48XB sfGOFLeRTvjhr2zg07YFhLhORtlIm64MLdGCk74+b85912/l1Ehg/0ps9fKf2dDRp0DOdVez5 29dHRu7dONTfU2RukxV58SL1Schknd4WEKxm3H/KjWTIWSbBDIcxV+5C5dprNXPsmSThtU2v5 i27i7Ocxez7sQ1H4nCzj99sNdlsrQR2ImJHI6r7C6goILtzRWzQ7QI1qFyEONo/5Fne5fSKHg hiES97a2cxSWMSY2b17fJutYMjlmwODBsbFLyhCb78AwHOMF03Yipnah2NbjH0KX1C7YbrtQ3 fyYElMyyDHjoqzVwQuEyTL6BGhH9G+PnGAEuOv7ch3nG1yweVp2JXv8KKR/RkkJDyoIdXtzRM BGZRBqGIUN68TCVml9xh2G4LoDfYgZUaMdiXpOxl65cL83xXdU3zQKRgrVl2XtpPDK/iZPIk/ IUTAiQgmSzTAI+6ZAnN6TCnwoAa/0w5hO2Q+ApX8Ex8ubWnrx3n9+0/v0fWJiM/xdr9xnQjna 8EqwViZG3JfA7TG5EH8sJH4xhe70evxSKahR5j8OaLVRJIlWdAkor7gcJ5SVj6CTmuE8wdSyB M5K3+SqCKB50hPA35pzX6MhbSS08B+IKYid/hDr0wA/c6Rpys5IEzYTjLafIMBoqWkRt4pWHf aCUPaG2o53efgJYOq9J0TIrDBGvBl4R8Dk6PNsBMXQ1A780Rt9Kveu1NO68woU9BToCXAZzav Yu/oBZH0WmAORKvWzM81OfdVGJUxD0aUk3XJER0+1clG6J1DzZZflFqk0mQFE7SX69EC15VxN zLFcPBnpiOsoMAOnbjUnBCrKEvVHQJf4KrEcAcJMgRrhgvESkQN X-UI-Loop:V01:OCoL2x6kbxw=:JvuOtm140PtoGztMru+4TZyUIGF1C1bzvRdimvnwMDA= X-UI-Out-Filterresults: notjunk:1;V01:K0:469RxuoaQrw=:BCF48DUWI6Hf4GbO53vSXm DSd+AHmODtIlpCgZlAW0jG+YuLHur7uS7/+WMpz3hJqnAbSj3f+j09Yc6AZwQRscAHdZ97C4K HGrDTIadUErOgvm0P8wI3a4c/peECRZvWfS0QNu/QvU2JrxeDvGdyfMgNjViflt+5Hc/eGkHy GzIJGxoDIvIVWriDJU2tdAiYWJ9kyS6V2NRlge7M0cg2pAxv0oXwbu8r104no4ec9nH6FeYSV FpcWd0fzLqfceDW9uHe15AUZsViNb1EctMwdIOk+/7SJz/DMFJ8E61dCx/Fn3kjm4tuZ6u/I/ 2iub5nTDskk/NM7Ix6LUaiyWmVDqUuAIzCSQxkX5szVFdYKKjjvpzUV/jWqH99PfGBA8UEt+j g4MUG2iEo5dvN4gbVcP1Un6XHP4T31V2HTActqDt9ubxBqctv8W2nMX/XajOXxFD4SNGXZtqj HJakf7htnyHsCyzm+fz+GUYy5KYbouk= X-Scanned-By: MIMEDefang 2.78 on 81.169.212.23 Status: R X-Status: X-Keywords: X-UID: 8065 --000000000000b58834057433a142 Content-Type: text/plain; charset="UTF-8" Hi Joseph Thank you for your prompt response. You wrote > Once one allows unrestricted shell escape, all bets are off in terms of what > an arbitrary package can do. Your implication is that "restricted shell escape" both 1. reduces what an arbitrary package can do 2. improves security Please provide some evidence for (1), by for example providing references to the source code and tests. For (2), this also needs to be argued. Suppose software item AAA-SECURE is not, in fact, secure. Then AAA-SECURE is already a security risk, because its name allows a social engineering exploit, which perhaps can then be leveraged. By the way, the usual meaning of "restricted shell escape" is as in https://en.wikipedia.org/wiki/Restricted_shell. This page tell us: The restricted shell is not secure. The TeX/LaTeX community has a different meaning for "restricted shell escape". As you are using the term in this new way, please would you provide a definition. Please also would you discuss: http://tex-live.tug.narkive.com/1iD2CkdT/security-issues-for-restricted-shell-escape . with best regards Jonathan --000000000000b58834057433a142 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Joseph

Thank you for your prompt res= ponse. You wrote

> Once one allows unrestricted shell escape, all= bets are off in terms of what
> an arbitrary package can do.

Your implication is that "restricted shell escape&qu= ot; both
  1. reduces what an arbitrary package can do
  2. improves security
Please provide some evidence for (1), = by for example providing references to the source code and tests.

For (2), this also needs to be argued. Suppose software ite= m AAA-SECURE is not, in fact, secure. Then AAA-SECURE is already a security= risk, because its name allows a social engineering exploit, which perhaps = can then be leveraged.

By the way, the usual meani= ng of "restricted shell escape" is as in=C2=A0https://en.wikipedia.org/wiki/Res= tricted_shell. This page tell us: The restricted shell is not secure.

The TeX/LaTeX community has a dif= ferent meaning for=C2=A0"restricted shell e= scape". As you are using the term in this new way, please would you pr= ovide a definition.

with best regards

Jonathan --000000000000b58834057433a142--