Re: how to run a script when Leo starts

2018-02-26 Thread Edward K. Ream
On Sun, Feb 25, 2018 at 11:38 AM, Phil  wrote:

> Actually, the security risk would be higher if a Leo file could turn on
> @script by itself.

Happily, it can't.  Only myLeoSettings.leo can set @bool
scripting-at-script-nodes = True

Security concerns exist for *any* executable that might be shared.  Such as
.bashrc files or user-defined startup scripts for any editor, including Leo
when #740 Execute .leo/leo_startup.py on startup is complete. The more
complex (and therefore potentially useful) such files are, the greater the
probability of sharing and the greater the risk of malware.

These problems aren't ever going to go away.  Backups in separate places
are essential.

What makes @script nodes more dangerous is that they can easily be hidden
in a shared .leo file.  This is less true of flat text files, of whatever
length or complexity.

But the fact remains: it would be crazy to accept any executable file from
an unknown source without carefully reviewing its contents.

Edward

-- 
You received this message because you are subscribed to the Google Groups 
"leo-editor" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to leo-editor+unsubscr...@googlegroups.com.
To post to this group, send email to leo-editor@googlegroups.com.
Visit this group at https://groups.google.com/group/leo-editor.
For more options, visit https://groups.google.com/d/optout.
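
Added example (not from the thread and not Leo's own code): a stand-alone Python check for the review recommended above, listing every @script/@button node and any scripting-at-script-nodes setting in a shared .leo file without opening it in Leo. It assumes the usual .leo XML layout (`<vnodes>`/`<v t=...><vh>` for headlines, `<tnodes>`/`<t tx=...>` for bodies); `scan_leo` and the sample outline are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Headline prefixes to flag; "@button" is included because the thread mentions
# shared @button nodes. This is the reviewer's choice, not a list taken from Leo.
EXEC_PREFIXES = ("@script", "@button")
SETTING = "scripting-at-script-nodes"

def scan_leo(xml_text):
    """Return [(outline path, kind, body)] for nodes to read before opening."""
    # Conservative: the assumed .leo layout has no DTD, so refuse one outright.
    if "<!ENTITY" in xml_text or "<!DOCTYPE" in xml_text:
        raise ValueError("DTD/entity declarations not expected in a .leo file")
    root = ET.fromstring(xml_text)
    # Assumed layout: <tnodes><t tx="gnx">body</t></tnodes> holds node bodies.
    bodies = {t.get("tx"): (t.text or "") for t in root.iter("t")}
    findings = []
    def walk(v, path):
        head = (v.findtext("vh") or "").strip()
        here = path + [head]
        body = bodies.get(v.get("t"), "")
        bare = head.lstrip("@")  # also report "@@bool ..." (commented-out setting)
        if head.startswith(EXEC_PREFIXES):
            findings.append((" -> ".join(here), "executable", body))
        elif bare.startswith("bool") and SETTING in bare:
            findings.append((" -> ".join(here), "setting", body))
        for child in v.findall("v"):
            walk(child, here)
    vnodes = root.find("vnodes")
    for v in (vnodes.findall("v") if vnodes is not None else []):
        walk(v, [])
    return findings

# Constructed sample outline (not a real file): a nested @script plus a local setting.
SAMPLE = """<leo_file>
<vnodes>
<v t="n1"><vh>@settings</vh>
  <v t="n2"><vh>@bool scripting-at-script-nodes = True</vh></v></v>
<v t="n3"><vh>Notes</vh>
  <v t="n4"><vh>Archive</vh>
    <v t="n5"><vh>@script myscript</vh></v></v></v>
</vnodes>
<tnodes>
<t tx="n5">g.es('@script has run')</t>
</tnodes>
</leo_file>"""

if __name__ == "__main__":
    for path, kind, body in scan_leo(SAMPLE):
        print(f"[{kind}] {path}\n    {body!r}")
```

For a real file, pass the text of the .leo file to `scan_leo` and read each reported body before opening the outline in Leo.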


Re: how to run a script when Leo starts

2018-02-26 Thread Edward K. Ream
On Sun, Feb 25, 2018 at 10:45 AM, Phil  wrote:

> it would appear that there could be an outline-local version of the flag,
> so that the global flag in myLeoSettings.leo could be set to False for
> default behavior. There would still be a security risk for a specific Leo
> file, which would need addressing, but it perhaps simplifies the problem
> somewhat.

Without looking at your example in detail, I can fairly confidently assert
that your conclusion is mistaken.

unittest.leo prints this message every time it loads:

Security warning! Ignoring...
@bool scripting-at-script-nodes = True
This setting can be True only in
leoSettings.leo or myLeoSettings.leo
Restoring value to False

Edward



Re: how to run a script when Leo starts

2018-02-25 Thread Phil
There would still be a security risk for a specific Leo file, which would 
need addressing, but it perhaps simplifies the problem somewhat.

Actually, the security risk would be higher if a Leo file could turn on 
@script by itself. It means that even when the global setting disallows 
@script, a specific Leo file could override that. Yuck!



Re: how to run a script when Leo starts

2018-02-25 Thread Phil
Alright, I have done a little test, as follows:


In myLeoSettings.leo:
@bool scripting-at-script-nodes = True

With test.leo
Under @settings, include this:
@bool scripting-at-script-nodes = True

create node @script myscript containing this:
# Leo predefines c (the commander) and g (leoGlobals) for scripts.
import datetime
for p in c.all_positions():
    if p.h == 'THIS_IS_A_TEST':
        p.b = datetime.datetime.now()
g.es('@script has run')

create an empty node with headline THIS_IS_A_TEST

When the outline is loaded, the following appears in the log window:
Security warning! Ignoring...
@bool scripting-at-script-nodes = True
This setting can be True only in
leoSettings.leo or myLeoSettings.leo
disabled @script: myscript

Make this change:
@bool scripting-at-script-nodes = False

When the outline is loaded, the following appears in the log window:
disabled @script: myscript

Finally, make this change:
@@bool scripting-at-script-nodes = False

When the outline is loaded, the following appears in the log window:
executing script myscript
@script has run
and the node THIS_IS_A_TEST has the current date/time.


This shows that the value of the outline-local *scripting-at-script-nodes* 
flag is tested when test.leo is loaded, and that its value affects the 
ability to run @script nodes. Thus, it would appear that there could be an 
outline-local version of the flag, so that the global flag in 
myLeoSettings.leo could be set to False for default behavior. There would 
still be a security risk for a specific Leo file, which would need 
addressing, but it perhaps simplifies the problem somewhat.



Re: how to run a script when Leo starts

2018-02-24 Thread Edward K. Ream
On Sat, Feb 24, 2018 at 12:33 PM, Terry Brown  wrote:

> Imo, #740 Execute .leo/leo_startup.py on startup is simpler and safer.
>
> Sure, although the per outline specificity of @script nodes is useful.
> But unless we're going to remove @script nodes I don't think it's up to
> us to try and decide if a user can manage the risk safely or not, and
> whether they should know about the feature.

Once again, I agree. @script will remain.

I have just toned down the language in the first comment of
#741, Require confirmation for @script nodes.

> Realistically most Leo
> users will never receive a .leo file from someone else, so while the
> potential risk of @script is very high, most of the time the actual
> risk is quite low.

Perhaps this is where we disagree. Somebody, don't remember who, created
an impressive system for scientific computing. It defined maybe a dozen
@button nodes. I can well imagine having him share his work.

Also, I have just updated the first comment of
#740: Execute .leo/leo_startup.py on startup
to say that there is a security risk if/when people start sharing Leo
startup scripts!

Edward



Re: how to run a script when Leo starts

2018-02-24 Thread Terry Brown
On Fri, 23 Feb 2018 11:15:42 -0800 (PST)
Phil  wrote:

> I want a script to run every time I start Leo. How can I do this?
> 
> Thanks,
> Phil

Although your question has prompted some clever new ideas, I wonder if
the answer is simpler than the response ;-)

You can set 

@bool scripting-at-script-nodes = True

The nodes labeled starting with "@script " will run on load.  Note the
docs. for that setting:

  True: dynamically executes script in @script nodes when a window is
  created.  DANGEROUS!

If they're your own scripts, they're only as dangerous as you make
them ;-), but of course it means loading a .leo file from an unknown or
maybe compromised source allows arbitrary code execution on your
computer.

So Kent's hash idea is very good, but for now you can already do this,
albeit needing to know the potential risk.

Cheers -Terry



Re: how to run a script when Leo starts

2018-02-24 Thread Edward K. Ream

On Saturday, February 24, 2018 at 5:35:53 AM UTC-6, Edward K. Ream wrote:

> Most other editors allow a script to be executed once on startup. I have
> just created #740 Execute .leo/leo_startup.py on startup to schedule this
> enhancement.

Following Kent's excellent suggestion, I have just created #741 Require
confirmation for @script nodes.

For now, creating a plugin is probably best. Safety and security are worth 
some extra work. I'll be happy to answer any question you might have.

This would be a good example plugin. There are some interesting techniques 
involved.

Edward



Re: how to run a script when Leo starts

2018-02-24 Thread Edward K. Ream
On Fri, Feb 23, 2018 at 1:15 PM, Phil  wrote:

> I want a script to run every time I start Leo. How can I do this?

There are several ways:

1. *Clumsy*: Create a plugin that runs at startup, that is, at 'start1' or
'start2' time.  See this page.

2. *Dangerous*: Set @bool scripting-at-script-nodes = True. You can then
put an @script node in your .leo files.

This is a serious security issue.  It will enable @script nodes in *all*
your .leo files. For this reason, @bool scripting-at-script-nodes can only
be set to True in your myLeoSettings.leo file.

Most other editors allow a script to be executed once on startup. I have
just created #740 Execute .leo/leo_startup.py on startup to schedule this
enhancement.

Edward
