Tommaso Cucinotta wrote:
>> - we could add pref setting combo like "never run/run after
>> confirmation/never ask" and 2nd option could be your dialog which allows
>> switching to "never ask" for a given document(or global?). Any install will
>> have default "never run" and require that user goes
On 18/11/2016 07:37, Pavel Sanda wrote:
Tommaso Cucinotta wrote:
Apparmor is considered experimental and userspace utils are hardmasked under
gentoo (aka ultraexperimental stuff which might break).
ok, good to know. Ubuntu seems to have jumped trustfully onto it
tommaso@tommylap:~$ find
Tommaso Cucinotta wrote:
> it says "Permission denied" :-)!
> So, the idea is to wrap execution of any external converter/plotter/etc.,
> so that they can only write into the /tmp/ folder, except for the case of
> exporting to .pdf, .tex, etc.
>
> Any distro packager on the list with comments?
On 14/11/2016 01:11, Kornel Benko wrote:
Confirmed, with the alias method. But I am unsure about lyx-response.
Though, as expected, nothing is created (if using 'system("tar -czf
/home/kornel/ssh.tar.gz $HOME/.ssh")')
lyx shows no errors. That is, the stderror-output shows that the command tar
Am Montag, 14. November 2016 um 00:44:56, schrieb Tommaso Cucinotta
> On 14/11/2016 00:32, Kornel Benko wrote:
> > (I had to rename it, because /usr/local is symbolic link to /usr9/local)
> > Also the file name is now usr9.local.bin.lyxwrap2.3 and the content has
> > 'usr9'
On 14/11/2016 00:32, Kornel Benko wrote:
(I had to rename it, because /usr/local is symbolic link to /usr9/local)
Also the file name is now usr9.local.bin.lyxwrap2.3 and the content has 'usr9'
too.
yeah, that's the issue then...
but still the /tmp/ssh.tar.gz is created. But now
Am Montag, 14. November 2016 um 00:15:04, schrieb Tommaso Cucinotta
> On 14/11/2016 00:01, Kornel Benko wrote:
> >> The AppArmor test is quite straightforward:
> >>
> >>/usr/local/bin/lyxwrap-2.3 touch ~/something
> >>/usr/local/bin/lyxwrap-2.3 touch /tmp/whatever
> >>
>
On 14/11/2016 00:01, Kornel Benko wrote:
The AppArmor test is quite straightforward:
/usr/local/bin/lyxwrap-2.3 touch ~/something
/usr/local/bin/lyxwrap-2.3 touch /tmp/whatever
check if created
Created. (Is here a typo? Shouldn't it be usr/local/bin/lyxwrap2.3 ?)
1st one should have
Am Sonntag, 13. November 2016 um 23:45:20, schrieb Tommaso Cucinotta
> On 13/11/2016 23:34, Kornel Benko wrote:
> > The file /etc/apparmor.d/usr.local.bin.lyx2.3 is attached, I don't see
> > anything wrong.
> > I have to confess, this is new to me, so I may have gotten
On 13/11/2016 23:34, Kornel Benko wrote:
The file /etc/apparmor.d/usr.local.bin.lyx2.3 is attached, I don't see anything
wrong.
I have to confess, this is new to me, so I may have gotten something wrong.
first guess would be: make sure you installed with "make install" and you're
running LyX
Am Sonntag, 13. November 2016 um 22:40:59, schrieb Tommaso Cucinotta
> On 13/11/2016 22:33, Kornel Benko wrote:
> > You are right. Through the script we try to run "lyxwrap2.3", and this
> > command does not exist in my case.
> >
> > I could not find lyxwrap.cpp, therefore I
On 13/11/2016 15:10, Kornel Benko wrote:
Yes, creating the cmake changes for unix(linux) like platforms. Don't know,
what to do for
windows or MAC.
From a lightning fast investigation, it seems that Mac OS-X has an "App
Sandbox" feature that can be used for the purpose, nor sure whether the
On 13/11/2016 22:33, Kornel Benko wrote:
You are right. Through the script we try to run "lyxwrap2.3", and this command
does not exist in my case.
I could not find lyxwrap.cpp, therefore I can not create this command.
slipped out of the commits, sorry about that! Now it's in my repo, or just
Am Sonntag, 13. November 2016 um 20:47:58, schrieb Tommaso Cucinotta
> On 13/11/2016 20:44, Tommaso Cucinotta wrote:
> > looks suspicious... pls, make a happy case test! (perhaps everything is
> > failing as opposed to only what should fail?)
You are right. Through the script
On 13/11/2016 20:44, Tommaso Cucinotta wrote:
looks suspicious... pls, make a happy case test! (perhaps everything is failing
as opposed to only what should fail?)
also, to ensure to trigger the converters, you need to wipe ~/.lyx-XXX/cache/*
(guess you know already, but just in case...).
Am Sonntag, 13. November 2016 um 14:51:51, schrieb Tommaso Cucinotta
> On 13/11/2016 14:40, Kornel Benko wrote:
> lyxwrap rm /home/tommaso/whatever
>
> it says "Permission denied" :-)!
> So, the idea is to wrap execution of any external
>
On 13/11/2016 14:40, Kornel Benko wrote:
lyxwrap rm /home/tommaso/whatever
it says "Permission denied" :-)!
So, the idea is to wrap execution of any external converter/plotter/etc., so
that they can only write into the /tmp/ folder, except for the case of
exporting to .pdf, .tex, etc.
The
Am Sonntag, 13. November 2016 um 14:37:02, schrieb Kornel Benko
> Am Sonntag, 13. November 2016 um 13:42:51, schrieb Tommaso Cucinotta
>
> > On 07/11/2016 00:57, Tommaso Cucinotta wrote:
> > > if I run:
> > >
> > > lyxwrap rm /home/tommaso/whatever
> > >
> > >
Am Sonntag, 13. November 2016 um 13:42:51, schrieb Tommaso Cucinotta
> On 07/11/2016 00:57, Tommaso Cucinotta wrote:
> > if I run:
> >
> > lyxwrap rm /home/tommaso/whatever
> >
> > it says "Permission denied" :-)!
> > So, the idea is to wrap execution of any external
On 07/11/2016 00:57, Tommaso Cucinotta wrote:
if I run:
lyxwrap rm /home/tommaso/whatever
it says "Permission denied" :-)!
So, the idea is to wrap execution of any external converter/plotter/etc., so
that they can only write into the /tmp/ folder, except for the case of
exporting to .pdf,
Just something concrete to play with, attached.
If I run:
lyxwrap rm /tmp/whatever
it is executed, but if I run:
lyxwrap rm /home/tommaso/whatever
it says "Permission denied" :-)!
So, the idea is to wrap execution of any external converter/plotter/etc., so
that they can only write into
Hi all,
#10481 is dealing with the problem of making LyX robust to any possible threat arising
from maliciously crafted .lyx files that launch unwanted code when viewed on screen
and/or converted to PDF/others. The currently provided patch warns the user before
launching any converter marked
22 matches
Mail list logo