Return-Path: Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) by h2774747.stratoserver.net (8.15.2/8.15.2/Debian-3) with ESMTP id w7PKFhs8027481 for ; Sat, 25 Aug 2018 22:15:44 +0200 Received: from relay.uni-heidelberg.de ([129.206.100.212]) by mx-ha.gmx.net (mxgmx015 [212.227.15.9]) with ESMTPS (Nemesis) id 1MANFR-1g4tV44Abj-00BaCg for ; Sat, 25 Aug 2018 22:15:38 +0200 Received: from listserv.uni-heidelberg.de (listserv.uni-heidelberg.de [129.206.100.94]) by relay.uni-heidelberg.de (8.15.2/8.15.2) with ESMTP id w7PKFbv0006461; Sat, 25 Aug 2018 22:15:37 +0200 Received: from listserv (localhost [127.0.0.1]) by listserv.uni-heidelberg.de (Postfix) with ESMTP id BB2E7125A0E; Sat, 25 Aug 2018 22:15:31 +0200 (CEST) Received: by LISTSERV.UNI-HEIDELBERG.DE (LISTSERV-TCP/IP release 16.0) with spool id 29106537 for LATEX-L@LISTSERV.UNI-HEIDELBERG.DE; Sat, 25 Aug 2018 22:15:31 +0200 Delivered-To: LATEX-L@listserv.uni-heidelberg.de Received: from relay2.uni-heidelberg.de (relay2.uni-heidelberg.de [129.206.119.212]) by listserv.uni-heidelberg.de (Postfix) with ESMTP id 9FF1612548F for ; Sat, 25 Aug 2018 22:15:31 +0200 (CEST) Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com [209.85.221.53]) by relay2.uni-heidelberg.de (8.15.2/8.15.2) with ESMTPS id w7PKFQfx026184 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Sat, 25 Aug 2018 22:15:29 +0200 Received: by mail-wr1-f53.google.com with SMTP id g33-v6so10188348wrd.1 for ; Sat, 25 Aug 2018 13:15:28 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=wJ4fscAtRiEUxKbpNXdrT7iEg0IsV8/6Fn2iKdoPC/w=; b=gz5kpTdBO0rPyUk33o6Fy3Q7EPmzz0473n9lQfZqlqT4DjM1KH1ty0keTyGr+UmK+G RHFQZ06o2KoEn3mViB4GKrtFjMQmrRPXKIQ8k0KMgclzraDWLR0y+OCX/AxW7TCE6mDT gn0dY5xER7wD80H+np06ARjP0O+I5DdD5UbYxM/B/QDsnNfbU1RJxybKipQa514xswmX 7l2rJkqFnKXFHnOlfTFLB6t1VvvWFTfdJ9XjZ0SrL6PklC0tXZ9Cn2PDZxKt3tydUQJ4 XYSksqxE29LvnDPJmV6uag3Lg0a1KAxDPNCK7CIyzEhn7pixTj8yZoGO+/gK8ve6iJll EfNQ== X-Gm-Message-State: APzg51AVcgIxOy7NNc0as279Ia/bQ/UM/pQHCabk6PJpfzBL0H7Jk93t wX5RQIRu2s+UAAQn6uCE2P4YS3RN X-Google-Smtp-Source: ANB0VdaTA5xpuskMDhusrb/HG9Yf26gMxEe/fYu6gzz5rkj7yRczSJ/2dg/5dxPJ14TVymyAFFXDuA== X-Received: by 2002:adf:ef89:: with SMTP id d9-v6mr4445007wro.195.1535228125932; Sat, 25 Aug 2018 13:15:25 -0700 (PDT) Received: from ?IPv6:2a01:e35:243b:27d0:741a:3b54:c694:39b5? ([2a01:e35:243b:27d0:741a:3b54:c694:39b5]) by smtp.gmail.com with ESMTPSA id 139-v6sm5906197wmp.4.2018.08.25.13.15.24 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 25 Aug 2018 13:15:25 -0700 (PDT) References: <7aac3298-e217-7dfe-6787-ad1b69f43fc4@morningstar2.co.uk> <44b7823e-d23a-6662-d777-f3b30ac4b2b5@morningstar2.co.uk> <4b86edd6-2fd4-fa4e-ddaf-aed2ba6fd216@earthlink.net> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Message-ID: Date: Sat, 25 Aug 2018 22:15:23 +0200 Reply-To: Mailing list for the LaTeX3 project Sender: Mailing list for the LaTeX3 project From: Bruno Le Floch Subject: Re: System shell functions To: LATEX-L@LISTSERV.UNI-HEIDELBERG.DE In-Reply-To: <4b86edd6-2fd4-fa4e-ddaf-aed2ba6fd216@earthlink.net> Precedence: list List-Help: , List-Unsubscribe: List-Subscribe: List-Owner: List-Archive: Envelope-To: X-GMX-Antispam: 0 (Mail was not recognized as spam); Detail=V3; X-UI-Filterresults: notjunk:1;V01:K0:zaaj5/zFXj8=:vjxTQku+Pk9wZhCe11eXnhMIZo xP+xEk2Z9VwxF3lIlQvLnw6MKtZ3IAiN85mPGeFlPYbp+6t1arUmiymbAiJ20E8AsocuDANPB gkpTUEdw25o/rQQyQM8A711I/1agGGBFcGC7p0D3uQPPva8peYUJC4Th3x1g1b/gOqRq/8v7L yORjxqXdT6oMf6E6JvmqtGIjC/70yptLoHi+bwpPW9vLbInoNUp+xsV2lj5W5PQWTk+PauES3 XS9dib82IVaUVwdDG+/3azUOrmFB27BRIRmLCcRmS/gOwfgi8PIgxaDPwZQDGwxnbfgoqjV4F q6HG9VjEZeQ9RXOUVFLwrTkt3ATmxBh+r3DzisZaEvrN635rpSol6lXVDLiQTRsz1hU4xahIN tzOObjyPwnlEv5brTII+nczXNFrhJBPOct04V3HwI1Zjw37/hObSAxiI/JmU5iLby0RiO2TXQ Ks7XmBAoEmevVUw9iQLIDziufgdUAkx0pvzAhdUQf67w6LfpxTVxTb4PPyqPxTHOrIt30zmup w6XkuIBfM6tjo1sy8OwUJ7QhWGesk7REUhQA6KH4HY+1voaZkPnR5cAXCfmJAdzfEBF/M03qe uOBr4es0AbLB5hmvnvHjojbVv9FexvjW6hn/Ohz2l1prgI9H3C1Yq35AtRiNOdtnBatHF90bQ HUXj3VLfkbs9EhwpWE7+9ow2+HtnlgRlg0z7C7cpuvAJaXMFgXrm5QRBYiAu+1UvpdnY/QwpW CBRcMpQrPBAfKoa2SqvoBMZJNoYCOAG3tCptqtXE7E/yHu5FE0o1B/3x46mGuiwfJ1r1NQkLR Q1HNay1vWyYAXW8P3Z7BUzamtVWGc1gPAclaG6s5zUfyNIrqVImah/5RjT+/08qo6Do0bMbFI 4WgLJ4itAtuiOZSGz5lLYitKKwGCHliDZSZSAYH6h/l3w/t8t7ip1LNM8vPt9w1NcOmINFwBJ j+A7cWYlBO6VHvjTzlxH5Cyjr2n2DLd0CDntJEalNQThMgg4KeMWJ7vh6SsDc9rTPI3KreSfX 1XuQFBxd8S9mue7bMsjJdDQdjIFTZGssBPhFg1658aLTFzUDvGuqSthVLqdyH2UsJ3csNZnkT QyffEqBQ1c9HzkK3lkUF5hIwjqh/Is4YiA1sP3ljb4AYKYEamXnIsy2ibEVoiwe29ERWpSFT6 jFSoTPVhshZtPCdjqwzKp24Y0ILEm3ugYBykuia/XVXi9nU34HBakoj4Ey53mTy6dlm0LjHQM bAcr69pu4BEhborSLlyU5pkCHTcMuum66+Y56OWegBmb3t7IPK9kYPxUxRLrLXufr2cVHom4e q8RMxlFPAZt6o9v0cAoqCUSHGvwJOGhi91QWFCRO8oNz5qrvLySnEdsUWFczIFJAqrG0QNDU4 1nOkybSt8MlnoIyBJWw3B+QY56/QFgNWKPx1BM7nnGbhKoub5+Xm3DeASzsLR0KGc/ye2+M3w QVA7ultF7NPKC1eOteanWyEzcRbIjmZbMGRVpMx1YKhLWqc7kPSHtd482UqxdOva7KQR4BQr+ O3QNJAGc2NrNZvbgHRrcv6jtQ4Bqfo4rN6vFw+L6jIBE4MIsCCyN3R9gfIaUH2aOMrjuaCanx bQePGZmvwvuAYPzlOhEil3RsV8dR1xq95Qx7ihU3SD55eYTz+mvR3qS6yVUWSMPdZQj30xVAz vl5X7/k0rykC9cUE92AvQTu6Un77zqp2thS3M+yun3VIGPg8jiYx7YsuacVe7NQVb3LocPnJj k5Xn8luTVH/ItbK8xaG2/ZQDOVfF/QHy1aikf2n20/hBpnBde1ftDlRujgKCGIr2+lc0/1J62 442CIekWj5x0e+1SHKHs8jL5KG+Nr4Zq0iMABnZSXcG2oi44hmo82dM6w4W25LG5hEf9mEtMU ITZX+9V7N1kqeVmyLn4E0HMjAWWqsjEgqHox52ovp+wE7xecce6YN1qPOUSpLVAptlaFX8b/C gNBJU5IfXgSeiKP/29VS6Vh00kDYqSeEZPplo5JrKPVHdIpIlJ0 X-UI-Loop:V01:Ln1ZDWeg+vU=:FKe2npSvW6PajMF2ovHALx1dqE+lLmbx8IDgEeDIBFc= X-UI-Out-Filterresults: notjunk:1;V01:K0:IrueiT72iRc=:pkEo404EBLlZUVD94jYQoD S51xAZ23t5CSUmxTBfecB5DLYPjbcGFjMWWmjvmDqtapLldm0HRVLDbCnYEY5TsxvZOuvBxRw ft8IXgBkVSq66d0xT+WRDbLoVB93edPfAHc8RHLNvJPUQW29j8Dp5qJiRfU22IVWrrbyBdcWt nMR6bckWR28Tdlvkv07YnAehQ2hBWmjUNcLlDvBdQ/xGjEFaqBWo5JBebn3fsZwmjZU7Q3o24 GmaI2oy5z4nofmWQj+4RIkcfPgJtD6IJtKzvc/Gc1maRehl27D7F4TddqhKoFh1ikBMhoNpJi Qe7TSPA2S1DsE3ls3RTqPBTvdpN8kmdN/M5OTl78/39hLNsxhiKhx+8sphbDwVGSpzLBGCnTe bN/b+4f3B0gomoFE5P648tleGJFkfKX44xEH5BzCzmNRAohodKHGRhQFUlHhQOvISEJjqr3z1 PsiBtjDG3RFZy/5zYwMm1VD0hD+ET+0= X-Scanned-By: MIMEDefang 2.78 on 81.169.212.23 Status: R X-Status: X-Keywords: X-UID: 8069 Peter, Let's say we have some macro that takes an argument and calls "ls #1" in the shell. Specifically \makeatletter \def \ls #1{\begingroup \everyeof{\noexpand}% \message{\@@input"|ls #1" }% \endgroup} Then someone can do \ls{; rm somefile} to remove the file "somefile", even though one may think that calling \ls is safe. Bruno On 08/25/2018 10:06 PM, Peter Wilson wrote: > Jonathon, > > I don't understand. Please explain it and its relevance to (La)TeX. > > Peter W. > > > On 24/08/18 22:00, Jonathan Fine wrote: >> Hi Joseph >> >> Please take a look at https://xkcd.com/327. It is the famous Bobby >> Tables story. >> >> Do you understand the exploit being described? This is an important >> preliminary question for the whole conversation. >> >> Jonathan