This repository has been archived by the owner on Nov 27, 2018. It is now read-only.
tl;dr Arbitrary mods can get up to arbitrarily bad things on users' PCs.
It isn't that hard to run an empire agent through the os.execute() Lua function, and you just need to do some very basic things I won't explain here to get it to run in the background and make it look like pd2 had a single black frame. This came from me goofing around with a friend in an impromptu week-long pentest of each other, and I spent half an hour making the thing work, so I can't imagine it would be too hard for a mod to be written that does the same thing by someone who knows what they're doing. os.execute is an incredibly dangerous mod, and I feel BLT has the duty to block the use of an arbitrary code execution function unless the user explicitly opts in and clicks through an explanation of why doing so is dangerous unless they audit each mod. I don't know of any mods that currently use os.execute() after parsing all BLT mods I could get my hands on and I can't imagine very many uses for it outside incredibly niche mods, so doing this sandboxing isn't likely to break things. All in all, I feel that blocking this is an important action to take, and will help prevent malicious code from being as easily packaged in mods.
Here's a tutorial on how to sandbox a Lua chunk, something that could be done on a global scale unless the player manually opts out of this protection. http://lua-users.org/wiki/EnvironmentsTutorial
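A sketch of the whitelist-environment approach from the linked tutorial, added here as an example; it is not part of the original issue and not BLT's code. `make_mod_env`, `load_mod` and the sample mod string are hypothetical, and it assumes mods are loaded from source text on Lua 5.1/LuaJIT (`setfenv`) or Lua 5.2+ (`load` with an environment).

```lua
-- Added example. make_mod_env and load_mod are hypothetical names, not BLT API.

-- Build the only globals a mod chunk gets. Tables are fresh copies, so a mod
-- cannot write os.execute back into the real `os` table.
local function make_mod_env(allow_execute)
  local env = {
    print = print, type = type, pairs = pairs, ipairs = ipairs, next = next,
    select = select, tostring = tostring, tonumber = tonumber,
    pcall = pcall, error = error, assert = assert,
    math = { floor = math.floor, max = math.max, min = math.min },
    table = { insert = table.insert, remove = table.remove, concat = table.concat },
    string = { format = string.format, sub = string.sub, find = string.find },
    os = { time = os.time, clock = os.clock },
    -- Deliberately absent: io, debug, package, require, dofile, loadfile,
    -- load, loadstring, getfenv, setfenv, rawset, os.remove, os.rename.
  }
  if allow_execute then
    env.os.execute = os.execute  -- only after the user's explicit opt-in
  end
  env._G = env
  return env
end

-- Compile mod source text so that its globals resolve in `env`.
local function load_mod(source, chunkname, env)
  if source:byte(1) == 27 then
    -- Precompiled bytecode starts with ESC; refuse it, source text only.
    return nil, "bytecode chunks are not allowed"
  end
  if setfenv then                           -- Lua 5.1 / LuaJIT
    local fn, err = loadstring(source, chunkname)
    if not fn then return nil, err end
    return setfenv(fn, env)
  end
  return load(source, chunkname, "t", env)  -- Lua 5.2 and later
end

-- Constructed sample standing in for a mod file; it only probes for the function.
local sample_mod = [[
  if os.execute then return "os.execute is reachable" end
  return "os.execute is not reachable"
]]

for _, opted_in in ipairs({ false, true }) do
  local fn = assert(load_mod(sample_mod, "=sample_mod", make_mod_env(opted_in)))
  print("opt-in = " .. tostring(opted_in), fn())
end
```

A whitelist like this only holds if every host function handed to mods is itself unable to return the real global table or the real `os` table.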