On Wed, Jun 28, 2017 at 02:36:49PM +0200, Guillaume MM wrote:
> + Specificity: only gnuplot is given elevated privileges, which is what
> the user wants.
So, what? A system("whatever you want here") can be issued from a
gnuplot script. Then, one could say about shell-escape:
+ Specificity: only
Le 27/06/2017 à 21:00, Scott Kostyshak a écrit :
Where I
think there is disagreement is on whether we take a paternalistic
approach of "are you sure you know what you're doing? Think very hard
about this before you do it" or a lax approach of allowing users to
shoot themselves in the foot.
Le 27/06/2017 à 23:45, Tommaso Cucinotta a écrit :
needauth was a urgently needed mitigation of the security issues behind
running
arbitrary external tools when compiling LyX documents; a more engineered
remedy
AFAICR was actually the use of sandboxing machineries, which was
prototyped on