What are the security risks in this line of LaTeX code, and what can be done to reduce them? The LaTeX3 project wants TeX macros to be able to do file operations via shell escape.
{ cp~-RLf~ \exp_not:N \tl_to_str:n {#1} ~ \tl_to_str:n {#2} }
If you're a friend of TeX and LaTeX you might want to help. I'm sure the LaTeX3 team will welcome your comments.
Code review on github: https://github.com/latex3/latex3/commit/7b62e64dde239f9cb6ae0f08400c0b5ccde815d8#diff-09def3f98d60fce78fbcc00e77c65795R3093
LaTeX 3 issue: State clearly security aspects of l3sys-shell #472
Other relevant URLs.
- Initial request: https://github.com/tohecz/yoin/issues/3
- LaTeX 3 issue: https://github.com/latex3/latex3/issues/468
- Post to LaTeX3 mailing list: https://listserv.uni-heidelberg.de/cgi-bin/wa?A2=ind1808&L=LATEX-L&F=&S=&P=73