On 2017-08-04, Christian Ridderström wrote:

Hej Christian,

> Q1: Can postscript (PS) code be embedded in a LyX document in such a way
> such that it's parsed when doing a preview, or exporting a document?

Not usually. 

> Q2: Can PS code only be included by embedding a graphics inset referencing
> e.g. a .ps-file?

This is the normal way. 

However, raw LaTeX code (ERT, preamble, or a package like pstricks) can
write a file with any kind of Postscript code that is then read in as
included graphic.

> Q3: Would the PS code, in e.g. an external file, be parsed as part of
> previewing, or only when exporting?

AFAIK, it is parsed for preview in the GUI as well as when opening the
LaTeX-generated Postscript document in a viewer (e.g. via View>Postscript).

I don't know whether the process of converting to PDF requires full
parsing or is safe.

> And finally:

> Q4: Is PS code able to do system calls when called/parsed in some indirect
> manner by LyX?

I don't think so.  However, Postscript can be used to hack a printer in
various ways.

Microsoft decided to end support for EPS images in MS Office.
as of the April 11, 2017, security update.

  "This change was done in response to active security incidents
  involving files. EPS files allow embedded scripts, which makes them a
  means of malicious attack for anyone who inserts an EPS file or opens a
  document that has an EPS file in it."
It may be interesting to find more about the background for this decision...

> Depending on the result something should perhaps be added to the wiki page.
> /Christian

> Note: IIRC PS is Turing complete.

As is TeX. Turing completeness does not necessarily mean "dangerous", it
depends on the interpreter.


Reply via email to