On Sun, Apr 02, 2017 at 02:57:58PM +0200, Tommaso Cucinotta wrote:
> On 01/04/2017 07:12, Scott Kostyshak wrote:
> > Tommaso, any thoughts? Even if you don't have time to implement
> > something yourself, your opinion would be useful.
>
> Hi,
>
> AFAICR, boundary checks on existing fields of
On 01/04/2017 07:12, Scott Kostyshak wrote:
Tommaso, any thoughts? Even if you don't have time to implement
something yourself, your opinion would be useful.
Hi,
AFAICR, boundary checks on existing fields of that form, like the
converter file cache expiry time, are all independent/orthogonal
On Sat, Jan 21, 2017 at 11:35:37PM -0500, Scott Kostyshak wrote:
> On Sun, Dec 04, 2016 at 12:52:13PM -0500, Scott Kostyshak wrote:
> > On Sun, Dec 04, 2016 at 06:06:57PM +0100, Tommaso Cucinotta wrote:
> > > On 28/11/2016 00:42, Tommaso Cucinotta wrote:
> > > > On 27/11/2016 13:52, Guillaume
On 22/01/2017 05:13, Scott Kostyshak wrote:
But I still think that the
dialog should be an error, not a warning. There is 0% chance that the
export was correct. To me this suggests an error.
Tommaso, what are your thoughts?
agree, see [eaa3ddaf/lyxgit].
Also, highlighted that it's a
On Sun, Dec 04, 2016 at 12:52:13PM -0500, Scott Kostyshak wrote:
> On Sun, Dec 04, 2016 at 06:06:57PM +0100, Tommaso Cucinotta wrote:
> > On 28/11/2016 00:42, Tommaso Cucinotta wrote:
> > > On 27/11/2016 13:52, Guillaume Munch wrote:
> > > > * Converters>Security is located below the converter
On Sun, Nov 27, 2016 at 01:16:13PM +0100, Guillaume Munch wrote:
> > Also regarding the "first" warning (the "Launch of external converter is
> > forbidden" warning, which is the one I'm referring to above), although I
> > have not closely followed the conversation I have the following comment:
>
On 05/01/2017 20:15, Pavel Sanda wrote:
Helge Hafting wrote:
According to
http://stackoverflow.com/questions/10937597/security-risks-of-gnuplot-web-interface
,
gnuplot can be built "safer" by disabling pipe operations. That leaves the
unsafe commands "shell", "system" and "!", but a simple
Helge Hafting wrote:
> According to
> http://stackoverflow.com/questions/10937597/security-risks-of-gnuplot-web-interface
>
> ,
> gnuplot can be built "safer" by disabling pipe operations. That leaves the
> unsafe commands "shell", "system" and "!", but a simple shellscript using
> "grep" can
Den 17. des. 2016 00:14, skrev Pavel Sanda:
Helge Hafting wrote:
Protection will not be achieved in most cases, because users are used to
While I agree with what you write in general about security, I do not think
this is how things were implemented, so in 'most cases' you are wrong.
1.
Den 15. des. 2016 21:13, skrev Tommaso Cucinotta:
About chroot-ing, albeit seems doable to copy what a converter needs
in the restricted root, eg, ldd gives you what dynlibs are needed,
the problem stays with additional data the program might need, plus
you need additional privileges to
On Sun, Dec 18, 2016 at 12:06:02PM +0100, Kornel Benko wrote:
> Am Sonntag, 18. Dezember 2016 um 05:39:05, schrieb Scott Kostyshak
>
> > On Mon, Nov 28, 2016 at 12:42:31AM +0100, Tommaso Cucinotta wrote:
> >
> > > what are further calls to converters?
> >
> > After 244de5d2,
Am Sonntag, 18. Dezember 2016 um 05:39:05, schrieb Scott Kostyshak
> On Mon, Nov 28, 2016 at 12:42:31AM +0100, Tommaso Cucinotta wrote:
>
> > what are further calls to converters?
>
> After 244de5d2, LyX crashes for me on "paste from LaTeX" and "paste from
> HTML". To test,
On Mon, Nov 28, 2016 at 12:42:31AM +0100, Tommaso Cucinotta wrote:
> what are further calls to converters?
After 244de5d2, LyX crashes for me on "paste from LaTeX" and "paste from
HTML". To test, copy some plain text (don't copy from inside LyX because
then "paste from LaTeX" will still do a
Helge Hafting wrote:
> Protection will not be achieved in most cases, because users are used to
While I agree with what you write in general about security, I do not think
this is how things were implemented, so in 'most cases' you are wrong.
1. Unless you do informed decision and go to the
Le 15/12/16 à 21:13, Tommaso Cucinotta a écrit :
On 13/12/2016 11:25, Helge Hafting wrote:
that's why I'm looking into AppArmor instead, which is essentially
a
Seems like a good thing - especially the ability to prevent
networking. No network - no LyX-based virus at least.
we need both,
On 13/12/2016 11:25, Helge Hafting wrote:
that's why I'm looking into AppArmor instead, which is essentially
a
Seems like a good thing - especially the ability to prevent
networking. No network - no LyX-based virus at least.
we need both, file-system confinement and no networking, otherwise
Den 13. des. 2016 00:06, skrev Tommaso Cucinotta:
On 12/12/2016 12:04, Helge Hafting wrote:
In the general case, make a script (or utility program) that runs the
dangerous converter in a chroot, where nothing dangerous can be done.
No need for questions then. LyX already puts the document
On 12/12/2016 12:04, Helge Hafting wrote:
In the general case, make a script (or utility program) that runs the
dangerous converter in a chroot, where nothing dangerous can be done.
No need for questions then. LyX already puts the document files in a
temp directory so the cleanup after a latex
On 13/12/2016 12:04 a.m., Helge Hafting wrote:
I see a problem with this:
Den 06. nov. 2016 20:57, skrev Tommaso Cucinotta:
Converters marked with the new "needauth" option won't be run unless
the user gives explicit authorization, which is asked on-demand when
the converter
I see a problem with this:
Den 06. nov. 2016 20:57, skrev Tommaso Cucinotta:
Converters marked with the new "needauth" option won't be run unless
the user gives explicit authorization, which is asked on-demand when
the converter is about to be run (question is not asked if the
On 10/12/2016 19:58, Tommaso Cucinotta wrote:
thanks! The most clear seems to me the 2nd one ("enrico-proposal") :-)!
and, looking forward, the security box will likely add 2 items inside:
-) the number of days authorizations granted by the user are going to last for
(as discussed, to be
On 10/12/2016 11:31, Enrico Forestieri wrote:
On Sat, Dec 10, 2016 at 12:40:15AM +0100, Tommaso Cucinotta wrote:
I confess I'm lost as to which layouts have been proposed for the converters
prefs pane.
Probably, having a few pics/snapshots comparing the options might be the best
way to gather
I confess I'm lost as to which layouts have been proposed for the converters
prefs pane.
Probably, having a few pics/snapshots comparing the options might be the best
way to gather feedback from others.
Thanks,
T.
On 07/12/2016 21:00, Enrico Forestieri wrote:
On Wed, Dec 07, 2016
On Fri, Dec 09, 2016 at 10:39:14AM +0100, Jean-Marc Lasgouttes wrote:
> Le 07/12/2016 à 21:00, Enrico Forestieri a écrit :
> > Why would you think that a proper implementation (if and when that will
> > be performed) would need more space? However, please have a look at the
> > attached patch,
Le 07/12/2016 à 21:00, Enrico Forestieri a écrit :
Why would you think that a proper implementation (if and when that will
be performed) would need more space? However, please have a look at the
attached patch, which leaves more space to the converters definitions.
No need to revert f0f555b5, as
Le 05/12/2016 à 08:53, Tommaso Cucinotta a écrit :
On 04/12/2016 18:51, Guillaume Munch wrote:
Le 04/12/2016 à 18:06, Tommaso Cucinotta a écrit :
On 28/11/2016 00:42, Tommaso Cucinotta wrote:
On 27/11/2016 13:52, Guillaume Munch wrote:
* Converters>Security is located below the converter
Le 05/12/2016 à 08:36, Tommaso Cucinotta a écrit :
On 04/12/2016 18:37, Guillaume Munch wrote:
If there are n graphics, then are there n dialogs when opening the file
for the first time?
it asks as many times as there are (uncached) graphics needing 'needauth'
converters,unless you hit the
On Wed, Dec 07, 2016 at 06:15:02PM +0100, Jean-Marc Lasgouttes wrote:
>
> Yes, your patch make the separation clearer (although I am not sure that I
> like the oval rect).
I thought it would have helped in distingushing the sections, but this is
a mere detail.
> But the fact that this converter
Le 07/12/2016 à 17:01, Enrico Forestieri a écrit :
On Wed, Dec 07, 2016 at 12:06:41PM +0100, Jean-Marc Lasgouttes wrote:
I did not mean a security tab, but a "general" one that could contain:
- converter file cache
- security
- overwrite on export (from Output|general)
I don't like this
On Wed, Dec 07, 2016 at 12:06:41PM +0100, Jean-Marc Lasgouttes wrote:
>
> I did not mean a security tab, but a "general" one that could contain:
>
> - converter file cache
> - security
> - overwrite on export (from Output|general)
I don't like this further fragmentation. I like the fact that we
Le 06/12/2016 à 17:37, Tommaso Cucinotta a écrit :
Creating a separate prefs tab might be meaningful if we had more
security settings
not related exclusively to converters, but keeping things together
within a single
converters pane has the advantage of linking clearly the security
checkboxes
On Tue, Dec 06, 2016 at 10:57:56PM +0100, Tommaso Cucinotta wrote:
> On 06/12/2016 20:44, Enrico Forestieri wrote:
> > > From 8f157f2d3beb48ae87f9dcd07d59ee062a7a7da0 Mon Sep 17 00:00:00 2001
> > > From: Tommaso Cucinotta
> > > Date: Mon, 28 Nov 2016 00:31:46 +0100
> > > Subject:
On 06/12/2016 22:57, Tommaso Cucinotta wrote:
right ... couldn't find a way to restore the shortcut, other than ...
rollback :(, and apply a different UI clarification fix, would look like
the attached, how would u see that?
as we're at it, there was a clash in shortcuts for the new two
On 06/12/2016 20:44, Enrico Forestieri wrote:
From 8f157f2d3beb48ae87f9dcd07d59ee062a7a7da0 Mon Sep 17 00:00:00 2001
From: Tommaso Cucinotta
Date: Mon, 28 Nov 2016 00:31:46 +0100
Subject: [PATCH] Converters Prefs UI layout clarification.
[...]
-
- Converter
On Mon, Nov 28, 2016 at 12:42:31AM +0100, Tommaso Cucinotta wrote:
> From 8f157f2d3beb48ae87f9dcd07d59ee062a7a7da0 Mon Sep 17 00:00:00 2001
> From: Tommaso Cucinotta
> Date: Mon, 28 Nov 2016 00:31:46 +0100
> Subject: [PATCH] Converters Prefs UI layout clarification.
[...]
> -
On Tue, Dec 06, 2016 at 06:10:52PM +0100, Enrico Forestieri wrote:
> On Tue, Dec 06, 2016 at 05:37:40PM +0100, Tommaso Cucinotta wrote:
> >
> > Creating a separate prefs tab might be meaningful if we had more security
> > settings not related exclusively to converters, but keeping things
> >
On Tue, Dec 06, 2016 at 05:37:40PM +0100, Tommaso Cucinotta wrote:
>
> Creating a separate prefs tab might be meaningful if we had more security
> settings not related exclusively to converters, but keeping things
> together within a single converters pane has the advantage of linking
> clearly
On 05/12/2016 23:44, Scott Kostyshak wrote:
With the "Converter Definitions" label now at the same highlight/logical level
as "Converter File Cache" and "Security" ones, I think there is no more the
confusionabout which options in the dialog are specific to a single converter.
I still think it
Le 06/12/2016 à 14:16, Enrico Forestieri a écrit :
I still think it is confusing. What do you think about Guillaume's idea
of placing the global options above the converter definitions?
Note that the appearance also depends on the used Qt style. In the attached
you can see that a frame is
On Mon, Dec 05, 2016 at 05:44:46PM -0500, Scott Kostyshak wrote:
> On Mon, Dec 05, 2016 at 08:53:58AM +0100, Tommaso Cucinotta wrote:
>
> > With the "Converter Definitions" label now at the same highlight/logical
> > level
> > as "Converter File Cache" and "Security" ones, I think there is no
On Mon, Dec 05, 2016 at 08:53:58AM +0100, Tommaso Cucinotta wrote:
> With the "Converter Definitions" label now at the same highlight/logical level
> as "Converter File Cache" and "Security" ones, I think there is no more the
> confusionabout which options in the dialog are specific to a single
On 04/12/2016 18:37, Guillaume Munch wrote:
If there are n graphics, then are there n dialogs when opening the file
for the first time?
it asks as many times as there are (uncached) graphics needing 'needauth'
converters,unless you hit the "Run, and don't ask again for the same doc"
button.
Am Sonntag, 4. Dezember 2016 um 18:51:15, schrieb Guillaume Munch
> Le 04/12/2016 à 18:06, Tommaso Cucinotta a écrit :
> > On 28/11/2016 00:42, Tommaso Cucinotta wrote:
> >> On 27/11/2016 13:52, Guillaume Munch wrote:
> >>> * Converters>Security is located below the converter
On Sun, Dec 04, 2016 at 06:06:57PM +0100, Tommaso Cucinotta wrote:
> On 28/11/2016 00:42, Tommaso Cucinotta wrote:
> > On 27/11/2016 13:52, Guillaume Munch wrote:
> > > * Converters>Security is located below the converter configuration,
> > > which leads to think that they are converter properties
Le 04/12/2016 à 18:06, Tommaso Cucinotta a écrit :
On 28/11/2016 00:42, Tommaso Cucinotta wrote:
On 27/11/2016 13:52, Guillaume Munch wrote:
* Converters>Security is located below the converter configuration,
which leads to think that they are converter properties instead of
global settings.
Le 28/11/2016 à 00:42, Tommaso Cucinotta a écrit :
eh eh, what about remembering 'needauth' (as well as cursor pos) only for
those files in the recent files list :-), and collapse the 3 lists into
a single one, and a single session section ?
Two problems I see with this idea is that migrating
On 28/11/2016 00:42, Tommaso Cucinotta wrote:
On 27/11/2016 13:52, Guillaume Munch wrote:
* Converters>Security is located below the converter configuration,
which leads to think that they are converter properties instead of
global settings. What about placing it above the converter list?
On 27/11/2016 13:52, Guillaume Munch wrote:
Hi Tommaso,
Hi,
[...] Making AppArmor work would be
great too, but I suspect that it is going to be hard to have a
configuration which is both secure and without hassle to the user,
right, security comes often at a usability cost, hopefully we
On Sun, Nov 27, 2016 at 01:52:20PM +0100, Guillaume Munch wrote:
> * Converters>Security is located below the converter configuration,
> which leads to think that they are converter properties instead of
> global settings. What about placing it above the converter list?
I noticed this also.
Hi Tommaso,
I have been following your work on this issue with interest. Thank you,
this is something that was much needed. Making AppArmor work would be
great too, but I suspect that it is going to be hard to have a
configuration which is both secure and without hassle to the user,
especially
Le 25/11/2016 à 20:50, Scott Kostyshak a écrit :
On Fri, Nov 25, 2016 at 02:32:37PM -0500, Scott Kostyshak wrote:
I think the line-breaking in the warning dialog should be improved. The
horizontal width is larger than my 13 in. screen. See attached.
Note that the linebreaking on the *other*
On 11/25/2016 05:49 PM, Tommaso Cucinotta wrote:
> On 23/11/2016 01:11, Enrico Forestieri wrote:
>> On Tue, Nov 22, 2016 at 11:59:37PM +0100, Tommaso Cucinotta wrote:
>>>
>>> There's a couple of TODOs left:
>>> 1. versioning of the preferences file, I don't know much in this
>>> area, the
>>>
On 23/11/2016 01:11, Enrico Forestieri wrote:
On Tue, Nov 22, 2016 at 11:59:37PM +0100, Tommaso Cucinotta wrote:
There's a couple of TODOs left:
1. versioning of the preferences file, I don't know much in this area, the
patch adds a couple of preferences options, what else is needed?
Have a
On Fri, Nov 25, 2016 at 02:32:37PM -0500, Scott Kostyshak wrote:
> On Wed, Nov 23, 2016 at 10:27:03PM +0100, Tommaso Cucinotta wrote:
>
> > Any further comment welcome, thanks!
>
> I think the line-breaking in the warning dialog should be improved. The
> horizontal width is larger than my 13 in.
On Wed, Nov 23, 2016 at 10:27:03PM +0100, Tommaso Cucinotta wrote:
>
> One note: one way to avoid the [auth session] section growing unbounded,
> might be to have an expiry timestamp, so that e.g., authorizations would
> expire in ~1y or so. This might be done with a section syntax like:
>
>
On 11/23/2016 04:27 PM, Tommaso Cucinotta wrote:
> On 23/11/2016 01:11, Enrico Forestieri wrote:
>>> 1. versioning of the preferences file...what else is needed?
>>
>> Have a look at c2a18fc1 to get an idea.
>
> ok, thanks, do we need also anything else on the prefs2prefs side? If
> not, do we
On 23/11/2016 01:11, Enrico Forestieri wrote:
1. versioning of the preferences file...what else is needed?
Have a look at c2a18fc1 to get an idea.
ok, thanks, do we need also anything else on the prefs2prefs side? If not, do
we actually need to bump up the prefs file version? What if a
On Tue, Nov 22, 2016 at 11:59:37PM +0100, Tommaso Cucinotta wrote:
>
> There's a couple of TODOs left:
> 1. versioning of the preferences file, I don't know much in this area, the
> patch adds a couple of preferences options, what else is needed?
Have a look at c2a18fc1 to get an idea.
> 2.
Hi,
thanks Enrico & Pavel, hopefully all comments integrated in the pushed version.
There's a couple of TODOs left:
1. versioning of the preferences file, I don't know much in this area, the
patch adds a couple of preferences options, what else is needed?
2. persistent storage of the
On Mon, Nov 21, 2016 at 05:50:45PM -0800, Pavel Sanda wrote:
> Tommaso Cucinotta wrote:
> > On 21/11/2016 01:49, LyX Ticket Tracker wrote:
> >> Comment (by t.cucinotta):
> >>
> >> Just worked out new separate patch-set for the cross-OS needauth security
> >> option for converters (asking users
Tommaso Cucinotta wrote:
> On 21/11/2016 01:49, LyX Ticket Tracker wrote:
>> Comment (by t.cucinotta):
>>
>> Just worked out new separate patch-set for the cross-OS needauth security
>> option for converters (asking users if they really know what they're
>> about
>> to be doing). Added further
On 21/11/2016 01:49, LyX Ticket Tracker wrote:
Comment (by t.cucinotta):
Just worked out new separate patch-set for the cross-OS needauth security
option for converters (asking users if they really know what they're about
to be doing). Added further global option that forbids use anyway,
On 07/11/2016 00:19, Richard Heck wrote:
Questions:
We're not supposed just to use "Yes" and "No", right?
still missing the global option to suppress any questions (assume always yes or always
no), and, I think also the persisting the chosen yes/no to disk (where? any hint? what
about
Questions:
We're not supposed just to use "Yes" and "No", right?
This changes the format of some file or other. Which one? Is this a
format change in the relevant sense of "master only"?
> diff --git a/src/Converter.cpp b/src/Converter.cpp
> index 58e486e6..02631ca4 100644
> ---
last patch attached.
T.
On 06/11/2016 20:56, LyX Ticket Tracker wrote:
#10481: Hardening LyX against potential misuse
-+--
Reporter: t.cucinotta | Owner: lasgouttes
Type: enhancement | Status: new
Priority: highest
forgot to attach the patch.
T.
On 05/11/2016 02:34, LyX Ticket Tracker wrote:
#10481: Hardening LyX against potential misuse
-+--
Reporter: t.cucinotta | Owner: lasgouttes
Type: enhancement | Status: new
Priority:
On 11/04/2016 08:20 PM, Tommaso Cucinotta wrote:
> On 05/11/2016 01:16, LyX Ticket Tracker wrote:
>> Attached a first attempt at JMarc's proposed user prompt.
>
> here's the patch, for on-list discussion if preferred.
> @@ -402,6 +405,18 @@ bool Converters::convert(Buffer const * buffer,
>
On 05/11/2016 01:16, LyX Ticket Tracker wrote:
Attached a first attempt at JMarc's proposed user prompt.
here's the patch, for on-list discussion if preferred.
T.
commit 2c24f0e0
Author: Tommaso Cucinotta
Date: Sat Nov 5 01:00:44 2016 +0100
Add needauth option
68 matches
Mail list logo