On 17/07/2017 at 16:25, Richard Heck wrote:
> If I read JMarc's messages properly, then he also agrees that the security issues are essentially the same. That also seems right to me.
Hi Richard, I did not reply to Jean-Marc, so I'll say here that I too agree with what he wrote at <https://www.mail-archive.com/lyx-devel@lists.lyx.org/msg201012.html>. I think we are on the same page that -shell-escape and R are similar in terms of security, that both should be treated using needauth, and that needauth should be improved; you can also find suggestions along those lines in earlier messages of mine.
> It's true that we've always tried to be cautious about security.
I saw that you have been a proponent of the safe approach in the past and thank you for this.
> But there is only so much we can do. Warning the user that they are about to do something that is potentially dangerous, and making it as simple as possible for the user to manage those privileges, is the best we can do. I don't see the difference either between R-code and minted in this respect. So I'm inclined to go with some version of Enrico's patch.
I disagree with the "there is only so much we can do" argument. Minted.sty is only a small interface to Pygments.

* One could implement one of the several other interfaces to Pygments (trading a few features in exchange for security).
* One could interface Pygments directly with LyX without relying on a LaTeX package.
* One could ask the author of minted.sty whether he would like to provide an alternative to requiring -shell-escape.

Any of these would require less time and less imagination than has been spent so far on personal attacks.

The limitations of needauth-like mechanisms have been raised early, and ignored. One cannot do much currently to increase the security of users of -shell-escape, R or gnuplot. Needauth only helps when these are not needed. But one can try to avoid encouraging LyX users to become -shell-escape users. That would be a real service to LyX users. I see arbitrary code execution at the other end of the balance and think that "there is only so much we can do" means a complete turnaround in this case.

Guillaume

(About the personal attacks: I mean to write about it at a later point in time. If I have not been replying to Enrico, this does not mean that I do not see his messages.)