Re: spreadsheet capability?
On 15. juni 2010 00:17, Pavel Sanda wrote: [...] i'm all for having support of gnumeric/excel/oofice. but we are talking about delicate issue - before adding ssconvert we should be pretty confident that it only produces .tex files without running any additional code/script in the source files. (question on gnumeric devs?) apart from that the original patch was pretty clear, so i dont see any other hindrances. I got this answer from Jean Bréfort on the gnumeric list: At least for now, ssconvert does not execute any macro. So ssconvert don't run macros. It can recalculate cells, but will only do that if you use the --recalc parameter. Helge Hafting
Re: spreadsheet capability?
Helge Hafting wrote: At least for now, ssconvert does not execute any macro. So ssconvert don't run macros. It can recalculate cells, but will only do that if you use the --recalc parameter. ok then. can you repost the patch, i will put it into 2.0. pavel
Re: spreadsheet capability?
On 15. juni 2010 00:17, Pavel Sanda wrote: [...] i'm all for having support of gnumeric/excel/oofice. but we are talking about delicate issue - before adding ssconvert we should be pretty confident that it only produces .tex files without running any additional code/script in the source files. (question on gnumeric devs?) apart from that the original patch was pretty clear, so i dont see any other hindrances. I got this answer from Jean Bréfort on the gnumeric list: > At least for now, ssconvert does not execute any macro. So ssconvert don't run macros. It can recalculate cells, but will only do that if you use the --recalc parameter. Helge Hafting
Re: spreadsheet capability?
Helge Hafting wrote: > > At least for now, ssconvert does not execute any macro. > > So ssconvert don't run macros. It can recalculate cells, but will only do > that if you use the --recalc parameter. ok then. can you repost the patch, i will put it into 2.0. pavel
Re: spreadsheet capability?
On 15. juni 2010 00:17, Pavel Sanda wrote: [...] i'm all for having support of gnumeric/excel/oofice. but we are talking about delicate issue - before adding ssconvert we should be pretty confident that it only produces .tex files without running any additional code/script in the source files. (question on gnumeric devs?) apart from that the original patch was pretty clear, so i dont see any other hindrances. I asked on the gnumeric list. We'll see. Helge Hafting
Re: spreadsheet capability?
On 15. juni 2010 00:17, Pavel Sanda wrote: [...] i'm all for having support of gnumeric/excel/oofice. but we are talking about delicate issue - before adding ssconvert we should be pretty confident that it only produces .tex files without running any additional code/script in the source files. (question on gnumeric devs?) apart from that the original patch was pretty clear, so i dont see any other hindrances. I asked on the gnumeric list. We'll see. Helge Hafting
Re: spreadsheet capability?
On 29. mai 2010 01:56, Pavel Sanda wrote: Liviu Andronic wrote: On Fri, May 28, 2010 at 8:23 PM, Guenter Mildemi...@users.berlios.de wrote: However, the Gnumeric spreadsheet has a LaTeX export feature, so one could possibly write an external inset wrapper for it. Apparently there is a patch [1] by Helge Hafting. More info on the subject in this thread [2] and on the wiki [3]. Liviu PS Would the devels consider including the patch in LyX 2.0? please do you have any idea whether is safe to use blindly ssconvert or gnumeric in the sense that attacker can't write eg some excel macro-virus which would get executed via ssconvert or gnumeric? I don't know if ssconvert supports excel macros well enough to run a virus. I though macro viruses generally abused a visual basic interface that doesn't even exist on linux. But there is a very simple solution, if safety is the reason to not include my patch: I can change it so it only support gnumeric files, not excel files. ssconvert can convert oocalc, excel and gnumeric. But LyX can stick with the .gnumeric extension in order to be safe. I don't think gnumeric has such vulnerabilities designed into it. Would that be interesting? we have already rejected gnuplot support because of the fact that somebody could embed script like ! rm -rf / into .lyx file...
Re: spreadsheet capability?
Helge Hafting wrote: please do you have any idea whether is safe to use blindly ssconvert or gnumeric in the sense that attacker can't write eg some excel macro-virus which would get executed via ssconvert or gnumeric? I don't know if ssconvert supports excel macros well enough to run a virus. I though macro viruses generally abused a visual basic interface that doesn't even exist on linux. But there is a very simple solution, if safety is the reason to not include my patch: I can change it so it only support gnumeric files, not excel files. ssconvert can convert oocalc, excel and gnumeric. But LyX can stick with the .gnumeric extension in order to be safe. I don't think gnumeric has such vulnerabilities designed into it. Would that be interesting? i'm all for having support of gnumeric/excel/oofice. but we are talking about delicate issue - before adding ssconvert we should be pretty confident that it only produces .tex files without running any additional code/script in the source files. (question on gnumeric devs?) apart from that the original patch was pretty clear, so i dont see any other hindrances. pavel
Re: spreadsheet capability?
On 29. mai 2010 01:56, Pavel Sanda wrote: Liviu Andronic wrote: On Fri, May 28, 2010 at 8:23 PM, Guenter Mildewrote: However, the Gnumeric spreadsheet has a LaTeX export feature, so one could possibly write an "external inset" wrapper for it. Apparently there is a patch [1] by Helge Hafting. More info on the subject in this thread [2] and on the wiki [3]. Liviu PS Would the devels consider including the patch in LyX 2.0? please do you have any idea whether is safe to use blindly ssconvert or gnumeric in the sense that attacker can't write eg some excel macro-virus which would get executed via ssconvert or gnumeric? I don't know if ssconvert supports excel macros well enough to run a virus. I though macro viruses generally abused a visual basic interface that doesn't even exist on linux. But there is a very simple solution, if safety is the reason to not include my patch: I can change it so it only support gnumeric files, not excel files. ssconvert can convert oocalc, excel and gnumeric. But LyX can stick with the .gnumeric extension in order to be safe. I don't think gnumeric has such vulnerabilities designed into it. Would that be interesting? we have already rejected gnuplot support because of the fact that somebody could embed script like "! rm -rf /" into .lyx file...
Re: spreadsheet capability?
Helge Hafting wrote: >> please do you have any idea whether is safe to use blindly ssconvert or >> gnumeric >> in the sense that attacker can't write eg some excel macro-virus which >> would >> get executed via ssconvert or gnumeric? >> > I don't know if ssconvert supports excel macros well enough to run a virus. > I though macro viruses generally abused a visual basic interface that > doesn't even exist on linux. > > But there is a very simple solution, if safety is the reason to not include > my patch: > > I can change it so it only support gnumeric files, not excel files. > ssconvert can convert oocalc, excel and gnumeric. But LyX can stick with > the .gnumeric extension in order to be safe. I don't think gnumeric has > such vulnerabilities designed into it. > > Would that be interesting? i'm all for having support of gnumeric/excel/oofice. but we are talking about delicate issue - before adding ssconvert we should be pretty confident that it only produces .tex files without running any additional code/script in the source files. (question on gnumeric devs?) apart from that the original patch was pretty clear, so i dont see any other hindrances. pavel
spreadsheet capability?
Has anybody ever tried to provide lyx with some spreadsheet capability, exploiting its symbolic computation backends? thank you ---P
Re: spreadsheet capability?
On 2010-05-28, xPol wrote: Has anybody ever tried to provide lyx with some spreadsheet capability, exploiting its symbolic computation backends? Not to my knowledge. However, the Gnumeric spreadsheet has a LaTeX export feature, so one could possibly write an external inset wrapper for it. Günter
Re: spreadsheet capability?
On Fri, May 28, 2010 at 8:23 PM, Guenter Milde mi...@users.berlios.de wrote: However, the Gnumeric spreadsheet has a LaTeX export feature, so one could possibly write an external inset wrapper for it. Apparently there is a patch [1] by Helge Hafting. More info on the subject in this thread [2] and on the wiki [3]. Liviu PS Would the devels consider including the patch in LyX 2.0? [1] http://www.mail-archive.com/lyx-devel@lists.lyx.org/msg132049.html [2] http://www.mail-archive.com/lyx-us...@lists.lyx.org/msg75702.html [3] http://wiki.lyx.org/Tips/CopyTablesFromSpreadsheets
Re: spreadsheet capability?
Liviu Andronic wrote: On Fri, May 28, 2010 at 8:23 PM, Guenter Milde mi...@users.berlios.de wrote: However, the Gnumeric spreadsheet has a LaTeX export feature, so one could possibly write an external inset wrapper for it. Apparently there is a patch [1] by Helge Hafting. More info on the subject in this thread [2] and on the wiki [3]. Liviu PS Would the devels consider including the patch in LyX 2.0? please do you have any idea whether is safe to use blindly ssconvert or gnumeric in the sense that attacker can't write eg some excel macro-virus which would get executed via ssconvert or gnumeric? we have already rejected gnuplot support because of the fact that somebody could embed script like ! rm -rf / into .lyx file... pavel
spreadsheet capability?
Has anybody ever tried to provide lyx with some spreadsheet capability, exploiting its symbolic computation backends? thank you ---P
Re: spreadsheet capability?
On 2010-05-28, xPol wrote: > Has anybody ever tried to provide lyx with some spreadsheet capability, > exploiting its symbolic computation backends? Not to my knowledge. However, the Gnumeric spreadsheet has a LaTeX export feature, so one could possibly write an "external inset" wrapper for it. Günter
Re: spreadsheet capability?
On Fri, May 28, 2010 at 8:23 PM, Guenter Mildewrote: > However, the Gnumeric spreadsheet has a LaTeX export feature, so one > could possibly write an "external inset" wrapper for it. > Apparently there is a patch [1] by Helge Hafting. More info on the subject in this thread [2] and on the wiki [3]. Liviu PS Would the devels consider including the patch in LyX 2.0? [1] http://www.mail-archive.com/lyx-devel@lists.lyx.org/msg132049.html [2] http://www.mail-archive.com/lyx-us...@lists.lyx.org/msg75702.html [3] http://wiki.lyx.org/Tips/CopyTablesFromSpreadsheets
Re: spreadsheet capability?
Liviu Andronic wrote: > On Fri, May 28, 2010 at 8:23 PM, Guenter Mildewrote: > > However, the Gnumeric spreadsheet has a LaTeX export feature, so one > > could possibly write an "external inset" wrapper for it. > > > Apparently there is a patch [1] by Helge Hafting. More info on the > subject in this thread [2] and on the wiki [3]. > Liviu > > PS Would the devels consider including the patch in LyX 2.0? please do you have any idea whether is safe to use blindly ssconvert or gnumeric in the sense that attacker can't write eg some excel macro-virus which would get executed via ssconvert or gnumeric? we have already rejected gnuplot support because of the fact that somebody could embed script like "! rm -rf /" into .lyx file... pavel