On Wed, Jun 28, 2017 at 02:36:49PM +0200, Guillaume MM wrote:
> On 27/06/2017 at 23:45, Tommaso Cucinotta wrote:
> >
> > needauth was an urgently needed mitigation of the security issues behind
> > running arbitrary external tools when compiling LyX documents; a more
> > engineered remedy AFAICR was actually the use of sandboxing machineries,
> > which was prototyped on Ubuntu/Linux using AppArmor.
>
> This is also what I remember. The now secured converters were sweave and
> knitr, introduced in 2011 and 2012.

+1

> I see that you have also introduced a gnuplot converter with an example.
>
> + Proportionality: unsafety is actually a main feature of gnuplot from
>   what I understand from http://www.yqcomputer.com/320_2475_1.htm
> + Specificity: only gnuplot is given elevated privileges, which is what
>   the user wants.
> - UI problem 1: When I open the example, I immediately get the needauth
>   dialog for showing the preview. I thought we only wanted unsafe
>   execution when compiling the document.

I forget what we decided on this. If we don't give the dialog, then we
should just disable the preview?

> It seems to me that needauth, as it is, is not ready for the addition of
> gnuplot. What do you think?

I'm not sure. Is it less secure than Sweave/knitr? Or is your argument
that those were already there so needauth makes them safer, but we should
not add any other converter that needs needauth?

Scott