On Wed, Jun 28, 2017 at 12:25:58AM +0200, Tommaso Cucinotta wrote:
> On 28/06/2017 00:02, Enrico Forestieri wrote:
> > ...and those converters can execute
> > arbitrary commands,
> 
> just to be sure, I just double-checked that on current trunk, without any
> settings in one's ~/.lyx/, the default behavior will be "Forbid use of
> needauth converters", so any of those dangerous ones would be disabled by
> default.

At the moment there is no shell escape added when using minted, so it is
even more secure.

> As for shell-escape, I couldn't go through the whole thread yet, but it seems
> very related, so it makes sense to be added as well. Whether in this release
> or next one, it's all up to the release master, though!

I am not interested in this support. Don't need it, simply. I was taken
perforce in this debate. I tried to do my best to address the concerns
of various people. When Jürgen raised this question, I told him that this
would have been the same as opening a Pandora's box.

What I can't stand is that someone is asking for reverting support for
a feature which in itself is less dangerous than needauth. It is this
kind of hypocrisy which is unbearable.

> AFAICS, a reasonable (needauth-alike) behavior seems:
> - a document-specific setting tagging the document as one needing to run
>   latex with -shell-escape
> - only when trying to run latex (or pdflatex, if it supports -shell-escape,
>   or others), at the first attempt, trigger similar security questions as for
>   needauth:
>   a) the document needs to be compiled with this potentially harmful option,
>      are you sure you want to do that? (y)es, (a)lways for this doc, (n)o
>      [(r)un without shell-escape?]
>   b) have another set of settings similar to needauth ones (or re-use them?)
>      that disable the question by default, so the user cannot choose (y)es
>      unless they explicitly change the settings
> - if one just opens the .lyx, makes edits, but never previews, nor needs to
>   run latex, then no question pops up.
> 
> Just quick thoughts, though.

I proposed about 5 different patches all taking more or less into account
all of what you are saying. Again, for taking into account various concerns,
not because I wanted to have support for shell escape. Now I stop it here.
If someone wants to add support for shell escape, he can freely reuse the
patches I posted. I am out now.

Thank you for your balanced suggestions.

-- 
Enrico
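
The needauth-like gating quoted above (a per-document flag, a question only at the first latex run, a default that forbids), as an added example that is not part of the original message or of the patches it mentions. All names are hypothetical, and compiling without the flag under the forbid default is an assumption.

```cpp
#include <iostream>
#include <set>
#include <string>

// All names are hypothetical; none of them are LyX identifiers.
enum class Policy { Forbid, Ask };                 // global preference; Forbid is the default
enum class Answer { Yes, Always, No, RunWithout }; // (y)es, (a)lways, (n)o, (r)un without
enum class Action { RunWithShellEscape, RunPlain, Abort };

struct Document {
    std::string path;
    bool wants_shell_escape;   // document-specific setting
};

class ShellEscapeGate {
public:
    explicit ShellEscapeGate(Policy p = Policy::Forbid) : policy_(p) {}

    // Call only when latex is about to run, never on open or edit.
    // `ask` is invoked only if a question actually has to be shown.
    template <typename AskFn>
    Action decide(const Document& doc, AskFn ask) {
        if (!doc.wants_shell_escape) return Action::RunPlain;
        // Assumption: under Forbid the build goes ahead without the flag.
        if (policy_ == Policy::Forbid) return Action::RunPlain;
        if (always_.count(doc.path)) return Action::RunWithShellEscape;
        switch (ask(doc)) {
            case Answer::Always:     always_.insert(doc.path);
                                     return Action::RunWithShellEscape;
            case Answer::Yes:        return Action::RunWithShellEscape;
            case Answer::RunWithout: return Action::RunPlain;
            case Answer::No:         break;
        }
        return Action::Abort;
    }

private:
    Policy policy_;
    // Keyed by path (assumption): the approval follows the file name,
    // not its content, so a replaced file inherits it.
    std::set<std::string> always_;
};

int main() {
    ShellEscapeGate gate(Policy::Ask);
    Document doc{"/tmp/constructed.lyx", true};   // constructed sample
    auto always = [](const Document&) { return Answer::Always; };
    Action a = gate.decide(doc, always);
    std::cout << (a == Action::RunWithShellEscape ? "shell-escape\n" : "plain\n");
    return 0;
}
```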
