On 10/20/2019 10:15 PM, Marcin Borkowski wrote:
Maybe Lua is, but every scriptable program is a risk.
LuaTeX and write18 _are_ dangerous.
It would be very easy to spread malicious TeX code, since everyone uses CTAN
(LaTeX) packages without checking them first.
But it wouldn’t come far, I guess, for it needs a while for a package to become
known and in wide use, and that still means only in a subset of the (La)TeX
community, where there are enough expert hackers who would find this malicious
code.
Assuming that they would search for it. I'm less of an optimist here.
no problem getting a hit on a search
https://www.usenix.org/system/files/login/articles/73506-checkoway.pdf
-----------------------------------------------------------------
Hans Hagen | PRAGMA ADE
Ridderstraat 27 | 8061 GH Hasselt | The Netherlands
tel: 038 477 53 69 | www.pragma-ade.nl | www.pragma-pod.nl
-----------------------------------------------------------------
___________________________________________________________________________________
If your question is of interest to others as well, please add an entry to the
Wiki!
maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage : http://www.pragma-ade.nl / http://context.aanhet.net
archive : https://bitbucket.org/phg/context-mirror/commits/
wiki : http://contextgarden.net
___________________________________________________________________________________