On Fri, Dec 18, 2015 at 07:40:46PM -0800, Pavel Sanda wrote: > Scott Kostyshak wrote: > > Are the security concerns different for LyX? > > Yes. I am not saying it's impossible to implement it correctly, > but at the time we used startscript routine which is IIRC weak > when it comes to the concerns raised. Since I had working patch > for myself I didn't try to fix it, given what it could involve > (testing other archs etc...) > > Check c0bb9707cb & a522fc683a.
Thanks for the references. I found this relevant email thread: http://marc.info/?l=lyx-devel&m=129193159214353&w=2 I still don't understand the problem. I think knitr introduces more problems than this one. It is possible (and extremely easy) to compile a .lyx file and arbitrary system code is run. With the URL feature, at least the user is the one who is consciously opening a link and can see the link (wherease with a .lyx file it is easy to hide the knitr chunk from the user). But I suppose it is not a fair argument to say "this is not as insecure as that so this is not bad" because even if that is true we still want as few vulnerabilities as possible. In any case, I will not start a debate since I'd prefer not to spend the time. Also, I personally wouldn't use the feature. Scott
signature.asc
Description: PGP signature
