On Tue, Jul 18, 2017 at 11:32:14AM +0200, Guillaume MM wrote:
> On 17/07/2017 at 16:25, Richard Heck wrote:
> > 
> > If I read JMarc's messages properly, then he also agrees that the
> > security issues are essentially the same. That also seems right to me.
> 
> Hi Richard,
> 
> 
> I did not reply to Jean-Marc, so I'll say here that I too agree with
> what he wrote at
> <https://www.mail-archive.com/lyx-devel@lists.lyx.org/msg201012.html>. I
> think we are on the same page that -shell-escape and R are similar in
> terms of security and should both be treated using needauth, and
> needauth be improved, you can also find suggestions along those lines in
> earlier messages of mine.
> 
> > 
> > It's true that we've always tried to be cautious about security.
> 
> I saw that you have been a proponent of the safe approach in
> the past and thank you for this.
> 
> > But
> > there is only so much we can do. Warning the user that they are about to
> > do something that is potentially dangerous, and making it as simple as
> > possible for the user to manage those privileges, is the best we can do.
> > I don't see the difference either between R-code and minted in this
> > respect. So I'm inclined to go with some version of Enrico's patch.
> > 
> 
> I disagree with the "there is only so much we can do" argument.
> Minted.sty is only a small interface to Pygments.
> 
> * One could implement one of the several other interfaces to Pygments
> (trading a few features in exchange for security).
> 
> * One could interface Pygments directly with LyX without relying on a
> LaTeX package.
> 
> * One could ask the author of minted.sty whether he would like to
> provide an alternative to requiring -shell-escape.
> 
> Any of these would require less time and less imagination than has
> been spent so far on personal attacks. The limitations of
> needauth-like mechanisms were raised early, and ignored.
> 
> One cannot do much currently to increase the security of users of
> -shell-escape, R or gnuplot. Needauth only helps when these are not
> needed. But one can try to avoid encouraging LyX users to become
> -shell-escape users. That would be a real service to LyX users.
> 
> I see arbitrary code execution at the other end of the balance and think
> that "there is only so much we can do" means a complete turnaround in
> this case.
> 
> Guillaume
> 
> 
> (About the personal attacks: I mean to write about it at a later point
> in time. If I have not been replying to Enrico, this does not mean that
> I do not see his messages.)

Dear Guillaume,

you can try again to muddy the waters, speaking of personal attacks and
trying to reverse what is actually happening, but the reality is that you
are willing to apply double standards to issues that are exactly the
same. You cannot say you are doing it because you are concerned about
security, otherwise you would have said the same about the needauth
feature. You didn't do that, and now you want to treat differently the
shell-escape thing (in which I am not interested), but you are also
intriguing to remove a feature that has no impact on security
per se. Everyone can wonder why and arrive at some conclusion.

-- 
Enrico
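The needauth idea argued over in this thread, as an added Python sketch that is not LyX code and not from anyone in the thread: only pass -shell-escape to the TeX engine when the document actually needs it (minted, \write18, \ShellEscape) and the user has explicitly authorized it, and refuse otherwise. The marker list, function names and sample documents are constructed for illustration.

```python
import re

# Constructs whose presence means the document cannot be built without
# -shell-escape (each lets the document run external commands). The marker
# list is constructed for this example; extend it for other packages.
SHELL_ESCAPE_MARKERS = [
    (re.compile(r"\\write18\b"), r"\write18 primitive"),
    (re.compile(r"\\ShellEscape\b"), r"\ShellEscape macro (shellesc package)"),
    (re.compile(r"\\usepackage\s*(?:\[[^\]]*\])?\s*\{[^}]*\bminted\b[^}]*\}"),
     "minted package (runs Pygments through shell escape)"),
]

def strip_comments(tex):
    """Drop LaTeX comments so a commented-out package does not count; a
    '%' preceded by a backslash is a literal percent sign, not a comment."""
    return re.sub(r"(?<!\\)%.*", "", tex)

def shell_escape_reasons(tex):
    """Return a reason string for every shell-escape marker in the source."""
    cleaned = strip_comments(tex)
    return [reason for pattern, reason in SHELL_ESCAPE_MARKERS
            if pattern.search(cleaned)]

def latex_command(tex, authorized=False, engine="pdflatex"):
    """Build the compiler command line. -shell-escape is passed only when the
    document needs it AND the user explicitly granted it (the needauth idea);
    a document that needs it without authorization is refused outright."""
    reasons = shell_escape_reasons(tex)
    if not reasons:
        return [engine, "-interaction=nonstopmode", "document.tex"]
    if not authorized:
        raise PermissionError("document needs -shell-escape: " + "; ".join(reasons))
    return [engine, "-shell-escape", "-interaction=nonstopmode", "document.tex"]

# Constructed sample documents for illustration.
SAFE_DOC = r"""\documentclass{article}
\usepackage{listings}   % highlighting without shell escape
% \usepackage{minted}   commented out, so it must not count
\begin{document}
Tax rate: 20\% % the escaped percent sign is not a comment
\end{document}"""

MINTED_DOC = r"""\documentclass{article}
\usepackage[cache=false]{minted}
\begin{document}
\begin{minted}{python}
print("hello")
\end{minted}
\end{document}"""
```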
