On 22/07/2017 00:47, Guenter Milde wrote:
Enrico's patch did not touch "needauth" but has some nice features for
"shell-escape": it addressed the "set and forget" issue by

a) adding a red icon to the status bar if a document has the "allow
    shell-escape" flag.
b) revoking the permission, if the document is moved/copied to another
    location.
I like the approach

+1, I like the idea of a visual feedback on the current security/trust status, 
e.g., it resembles the lock icon used in web browsers for https://.

From a user perspective, a common interface to "needauth" and "allow
shell escape" seems the best. "needauth" could actually take advantage of
Enrico's patch.

once I gain some spare time this summer, I'll try a merge :-)...

* Add "unsafe pdflatex" (== pdflatex --shell-escape) and "unsafe xelatex"
   as new converters requiring "needauth".

this sounds like something easy but already discussed and unliked/discarded.

* Allow per-converter permission settings (instead of one generic: "I
   trust/don't trust all unsafe converters").

the current system-wide setting is for all converters (disable any needauth,
allow them but warn me, allow them without constraints), whilst the memory
about trusted documents is per-document -- this makes sense because the
main source of untrust seems the document when coming from who knows where;
once the user acks that the doc is trusted, then we go without bugging the
user for each conversion. However, how would a per-converter setting
work, and how could I trust unconditionally, let's say, an R knitr/Sweave
inset in a LyX doc coming from unknown sources, while at the same time
trust that an embedded gnuplot script or shell-escape command would not
delete my home folder?

* Give users the possibility to check scripts before allowing to run them
   with shell-escape or at least list all parts of the document that will be
   allowed to run in unsafe mode
   (e.g. all gnuplot scripts for "gnuplot allowed", all ERT, preamble,
   document classes and packages for latex with shell escape).

that sounds like a feature enhancement deserving an entry on Trac?

        T.
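
The trust model discussed in this message (one system-wide policy for all "needauth" converters, a per-document memory of the user's answer, and loss of that permission when the document is moved or copied) can be sketched as follows. This is an added example, not code from the thread or from LyX; `Policy`, `TrustStore`, `may_run_converter` and the `ask_user` callback are hypothetical names.

```python
import os
from enum import Enum

class Policy(Enum):
    """System-wide setting; applies to every needauth converter alike."""
    FORBID = 1   # disable any needauth converter
    ASK = 2      # allow them, but warn and ask per document
    ALLOW = 3    # allow them without constraints

class TrustStore:
    """Per-document memory of 'the user said this document is trusted'."""
    def __init__(self):
        self._trusted = set()

    @staticmethod
    def _key(path):
        # Canonical absolute path: a moved or copied file gets a new key
        # (so permission is lost), while a relative or symlinked spelling
        # of the same location resolves to the same key.
        return os.path.realpath(path)

    def trust(self, path):
        self._trusted.add(self._key(path))

    def revoke(self, path):
        self._trusted.discard(self._key(path))

    def is_trusted(self, path):
        return self._key(path) in self._trusted

def may_run_converter(doc_path, policy, store, ask_user):
    """Return True if a needauth converter may run for doc_path.

    ask_user(path) -> (allow, remember) stands in for the warning dialog.
    """
    if policy is Policy.FORBID:
        return False
    if policy is Policy.ALLOW:
        return True
    if store.is_trusted(doc_path):
        return True                      # already acknowledged: don't nag
    allow, remember = ask_user(doc_path)
    if allow and remember:
        store.trust(doc_path)
    return allow

if __name__ == "__main__":
    store = TrustStore()
    doc = "/tmp/constructed-example/paper.lyx"        # constructed sample path
    copy = "/tmp/constructed-example/copy/paper.lyx"  # same file, new location
    print(may_run_converter(doc, Policy.ASK, store, lambda p: (True, True)))
    print(store.is_trusted(doc), store.is_trusted(copy))
```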
