I often work on Windows, so need to use MiKTeX. I recently found the minted
package, which needs to call the external command pygmentize
. I currently call xelatex
with the -shell-escape
option to support this, but I'd rather not give malicious latex files complete access to my system. TeXLive has the --restricted-shell-escape
option, which is what I want, but it doesn't seem to be available on MiKTeX. I did find a passing reference to --shell-restricted
, but I don't know if that's what I want, and if it is what I want I don't know how to use it.
Is --shell-restricted
a way to tell XeLaTeX to run pygmentize
but not del /F /S /Q C:\*.*
? If so, how do I use it? If not, is there such a way and how do I use it? If you can, could you also link me to the official documentation on the subject?
Best Answer
MiKTeX includes the option
--restrict-write18
to allow a restricted set of commands to be run: this is enabled by default with an up-to-date MiKTeX. However, to allow this to work withminted
there are two additional issues. First, you need to addpygmentize
to the list of allowed commands: a separate question on this (probably for the 'general case') would be best. Secondly,minted
checks for fully-enabled\write18
before it will even run: circumventing this would require a modified version of the package or a request to the package author to change the code.As an aside, TeX Live runs fine on Windows, but of course you'd still have to deal with the two caveats.