Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-08-01 Thread Scott Kostyshak
On Mon, Jul 31, 2017 at 11:57:55PM +0200, Christian Ridderström wrote: > Do we have an overview somewhere (with patch reference) for the > alternatives proposed for beta1, which is then what's likely to end up in > 2.3? > Note: I did just look at the wiki page but didn't see it there clearly. No

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-31 Thread Christian Ridderström
On 31 July 2017 at 20:44, Guillaume MM wrote: > On 31/07/2017 at 13:31, Jürgen Spitzmüller wrote: > >> I meant it in this sense. If a vote only means "I did not have a >> look at >> >> the patch but I am fed-up so let us go ahead" then it is not taking >>

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-31 Thread Guillaume MM
On 31/07/2017 at 13:31, Jürgen Spitzmüller wrote: I meant it in this sense. If a vote only means "I did not have a look at the patch but I am fed-up so let us go ahead" then it is not taking responsibilities. A vote is a vote. If the given voting will be Rates

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-31 Thread Jürgen Spitzmüller
I meant it in this sense. If a vote only means "I did not have a look at > the patch but I am fed-up so let us go ahead" then it is not taking responsibilities. A vote is a vote. If the given voting will be Rates differently, this will have been the last voting I have participated on this

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-31 Thread Guillaume MM
On 29/07/2017 at 23:54, Scott Kostyshak wrote: On Thu, Jul 27, 2017 at 04:09:56PM +0200, Guillaume MM wrote: * Having to use -shell-escape for running Pygments. Yes, and if we go the way of the patch, I don't think any other improvements (e.g. post-beta1) will be made to address this,

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-29 Thread Scott Kostyshak
On Sun, Jul 30, 2017 at 12:12:08AM +0200, Enrico Forestieri wrote: > On Sat, Jul 29, 2017 at 05:54:33PM -0400, Scott Kostyshak wrote: > > > > More important to me is that we interpret "take responsibility" in a > > different way. Enrico, if we decide to go forward with something like > > the

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-29 Thread Enrico Forestieri
On Sat, Jul 29, 2017 at 05:54:33PM -0400, Scott Kostyshak wrote: > > More important to me is that we interpret "take responsibility" in a > different way. Enrico, if we decide to go forward with something like > the latest patch, will you be around in the next couple of months and > willing to

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-29 Thread Scott Kostyshak
On Thu, Jul 27, 2017 at 04:09:56PM +0200, Guillaume MM wrote: > * One has to decide which suggestions are needed for 2.3 and which ones > can be implemented later. Agreed. And the more immediate issue is which suggestions are needed before beta1. Conditional on LyX devs supporting something like

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-27 Thread Guillaume MM
On 22/07/2017 at 00:47, Guenter Milde wrote: On 2017-07-19, Richard Heck wrote: On 07/19/2017 01:48 AM, Christian Ridderström wrote: On 18 July 2017 at 23:49, Jean-Marc Lasgouttes > wrote: Le 18/07/2017 à 23:42, Christian Ridderström a

Re: Can shell-escape take advantage of needauth framework?

2017-07-26 Thread Tommaso Cucinotta
On 26/07/2017 22:55, Pavel Sanda wrote: Tommaso Cucinotta wrote: On 25/07/2017 11:10, Pavel Sanda wrote: 1. No "needauth" preferences (do not allow needauth from being disabled). instead of this, why don't we put some more stress on the action of disabling the "Use needauth option", e.g.,

Re: Can shell-escape take advantage of needauth framework?

2017-07-26 Thread Pavel Sanda
Tommaso Cucinotta wrote: > On 25/07/2017 11:10, Pavel Sanda wrote: >>> 1. No "needauth" preferences (do not allow needauth from being disabled). > > instead of this, why don't we put some more stress on the action of > disabling the "Use needauth option", e.g., the attached patch ? I am fine

Re: Can shell-escape take advantage of needauth framework?

2017-07-25 Thread Christian Ridderström
On 25 July 2017 at 01:30, Tommaso Cucinotta wrote: > On 18/07/2017 21:50, Christian Ridderström wrote: > >> I do not know how many KGB/CIA agents will be willing to attend the 'hack >> LyX' classes. How much is it worth on a spy resume ? >> > > haha! something like that must have

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-25 Thread Christian Ridderström
On 24 July 2017 at 23:20, Tommaso Cucinotta wrote: > On 23/07/2017 20:55, Christian Ridderström wrote: > >> Regarding setting something in the preference file manually: The only >> thing I mind is that it adds a global state to LyX, as opposed to >> starting LyX with some

Re: Can shell-escape take advantage of needauth framework?

2017-07-25 Thread Tommaso Cucinotta
On 25/07/2017 11:10, Pavel Sanda wrote: 1. No "needauth" preferences (do not allow needauth from being disabled). instead of this, why don't we put some more stress on the action of disabling the "Use needauth option", e.g., the attached patch ? Some nice text would have to be properly

Re: Can shell-escape take advantage of needauth framework?

2017-07-25 Thread Pavel Sanda
Guillaume MM wrote: > Not sure if what is being discussed is for 2.3 or for an ideal > implementation, but ideally what about: > > 1. No "needauth" preferences (do not allow needauth from being disabled). > 2. The dialog has a checkbox "I have read the above and I understand the > consequences",

Re: Types of LyX users (Was: Can shell-escape take advantage of needauth framework?)

2017-07-24 Thread Scott Kostyshak
On Tue, Jul 25, 2017 at 01:03:00AM +0200, Tommaso Cucinotta wrote: > > ... hope you like it as a start ;-P ... I like it. We need some illustrations. Scott

Re: Can shell-escape take advantage of needauth framework?

2017-07-24 Thread Tommaso Cucinotta
On 19/07/2017 11:06, Pavel Sanda wrote: I disagree though that we should ban needauth mechanism right now and if the argument really is that I can trick someone into unchecking whatever I want, then I can directly trick him into writing rm -rf / on the commandline. +1, albeit quite evidently

Re: Can shell-escape take advantage of needauth framework?

2017-07-24 Thread Tommaso Cucinotta
On 18/07/2017 21:50, Christian Ridderström wrote: I do not know how many KGB/CIA agents will be willing to attend the 'hack LyX' classes. How much is it worth on a spy resume ? haha! something like that must have been said by someone in Redmond while coming out with this new brilliant and

Re: Types of LyX users (Was: Can shell-escape take advantage of needauth framework?)

2017-07-24 Thread Tommaso Cucinotta
On 25/07/2017 00:15, Scott Kostyshak wrote: Then we could easily say "I think this feature would benefit Lucie, would hurt Raimundo, and would not affect Sara at Alice was beginning to get very tired of sitting by her sister on the bank, and of having nothing to do: once or twice she had

Re: Types of LyX users (Was: Can shell-escape take advantage of needauth framework?)

2017-07-24 Thread Scott Kostyshak
On Sun, Jul 23, 2017 at 09:52:37PM +0200, Christian Ridderström wrote: > I think Scott is partly verging towards the topic of types of users > and user scenarios. Yes I think so. The problem (as you mentioned) is that we really don't know what the distribution of our users looks like. > Perhaps

Re: Can shell-escape take advantage of needauth framework?

2017-07-24 Thread Tommaso Cucinotta
[slowly catching up...] On 18/07/2017 19:46, Christian Ridderström wrote: I just did a test with gnuplot. In the LyX settings I had unchecked 'Forbid of use of needauth converters' and unchecked 'Use needauth option'. Then I opened a LyX doc with a gnuplot script. Result: LyX tried to run the

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-24 Thread Scott Kostyshak
On Sat, Jul 22, 2017 at 01:09:09AM +0200, Jean-Marc Lasgouttes wrote: > On 21/07/2017 at 21:02, Scott Kostyshak wrote: > > > except if I disable needauth globally :( > > > > What about editing the session file to add the paths of the .lyx files > > that you want? If you're interested, I could

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-24 Thread Tommaso Cucinotta
On 23/07/2017 20:55, Christian Ridderström wrote: Regarding setting something in the preference file manually: The only thing I mind is that it adds a global state to LyX, as opposed to starting LyX with some parameters. The global state would likely affect e.g. testing. the good thing is that

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-24 Thread Tommaso Cucinotta
On 22/07/2017 00:47, Guenter Milde wrote: Enrico's patch did not touch "needauth" but has some nice features for "shell-escape": it addressed the "set and forget" issue by a) adding a red icon to the status bar if a document has the "allow shell-escape" flag. b) revoking the permission,

Types of LyX users (Was: Can shell-escape take advantage of needauth framework?)

2017-07-23 Thread Christian Ridderström
On 21 July 2017 at 22:12, Scott Kostyshak wrote: > On Tue, Jul 18, 2017 at 11:21:38AM +0200, Jean-Marc Lasgouttes wrote: >> On 18/07/2017 at 09:07, Scott Kostyshak wrote: >> > I was thinking about it from a different angle. I was only focused on >> > what I thought was most

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-23 Thread Christian Ridderström
On 19 July 2017 at 12:00, Jean-Marc Lasgouttes wrote: > On 19/07/2017 at 07:48, Christian Ridderström wrote: >> >> If user does not want all these warnings, he could disable them by >> launching LyX with some option like "--do-not-warn-me-about-unsafe-setting". >> Instead of

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-21 Thread Jean-Marc Lasgouttes
On 21/07/2017 at 21:02, Scott Kostyshak wrote: except if I disable needauth globally :( What about editing the session file to add the paths of the .lyx files that you want? If you're interested, I could write a Python/Bash script that does it for you. I might end up using it also. Well, I

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-21 Thread Guenter Milde
On 2017-07-19, Richard Heck wrote: > On 07/19/2017 01:48 AM, Christian Ridderström wrote: >> On 18 July 2017 at 23:49, Jean-Marc Lasgouttes > > wrote: >> On 18/07/2017 at 23:42, Christian Ridderström wrote: >> I think the default

Re: Can shell-escape take advantage of needauth framework?

2017-07-21 Thread Scott Kostyshak
On Tue, Jul 18, 2017 at 11:21:38AM +0200, Jean-Marc Lasgouttes wrote: > On 18/07/2017 at 09:07, Scott Kostyshak wrote: > > I was thinking about it from a different angle. I was only focused on > > what I thought was most secure, without even considering usability. As I > > mentioned in the

Re: Can shell-escape take advantage of needauth framework?

2017-07-21 Thread Scott Kostyshak
On Wed, Jul 19, 2017 at 11:06:54AM +0200, Pavel Sanda wrote: > and > if the argument really is that I can trick someone into unchecking > whatever I want, then I can directly trick him into writing rm -rf / > on the commandline. Good point. I guess we try to limit the number of ways a user can

Re: Can shell-escape take advantage of needauth framework?

2017-07-21 Thread Scott Kostyshak
On Tue, Jul 18, 2017 at 11:32:24AM +0200, Guillaume MM wrote: > I agree, but note that for printing this did not invalidate existing > documents. True that's indeed an important difference. Scott

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-21 Thread Scott Kostyshak
On Wed, Jul 19, 2017 at 12:00:52PM +0200, Jean-Marc Lasgouttes wrote: > Which make me think that I did not try to check whether my nice scripts to > process Sweave lyx file still have a chance to work. Oops! they won't This is good. It shows the needauth implementation works. > except if I

Re: Can shell-escape take advantage of needauth framework?

2017-07-20 Thread Guillaume MM
On 19/07/2017 at 11:47, Pavel Sanda wrote: Guillaume MM wrote: On 18/07/2017 at 23:27, Jean-Marc Lasgouttes wrote: On 18/07/2017 at 23:24, Christian Ridderström wrote: The threat model is one important aspect, but it's difficult for us to know who uses LyX and in which industries. Or

Re: Can shell-escape take advantage of needauth framework?

2017-07-20 Thread Guillaume MM
On 19/07/2017 at 16:47, Richard Heck wrote: On 07/19/2017 05:06 AM, Pavel Sanda wrote: Christian Ridderström wrote: I just did a test with gnuplot. In the LyX settings I had unchecked 'Forbid of use of needauth converters' and unchecked 'Use needauth option'. Then I opened a LyX doc with a

Re: Can shell-escape take advantage of needauth framework?

2017-07-19 Thread Richard Heck
On 07/19/2017 05:06 AM, Pavel Sanda wrote: > Christian Ridderström wrote: >> I just did a test with gnuplot. In the LyX settings I had unchecked 'Forbid >> of use of needauth converters' and unchecked 'Use needauth option'. Then I >> opened a LyX doc with a gnuplot script. Result: LyX tried to run

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-19 Thread Jean-Marc Lasgouttes
On 19/07/2017 at 07:48, Christian Ridderström wrote: If user does not want all these warnings, he could disable them by launching LyX with some option like "--do-not-warn-me-about-unsafe-setting". Instead of having a checkbox for "don't tell me these things again". It has the same issues as

Re: Can shell-escape take advantage of needauth framework?

2017-07-19 Thread Pavel Sanda
Guillaume MM wrote: > On 18/07/2017 at 23:27, Jean-Marc Lasgouttes wrote: >> On 18/07/2017 at 23:24, Christian Ridderström wrote: >>> The threat model is one important aspect, but it's difficult for us to >>> know who uses LyX and in which industries. Or how many users there are at >>>

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-19 Thread Pavel Sanda
Christian Ridderström wrote: > - Users uncheck settings all the time, it doesn't seem very "scary" > > Why does disabling something like needauth have to be done from within LyX? ... as I read through the list I see we come to similar conclusions ... I don't have strong opinion about these.

Re: Can shell-escape take advantage of needauth framework?

2017-07-19 Thread Pavel Sanda
Christian Ridderström wrote: > I just did a test with gnuplot. In the LyX settings I had unchecked 'Forbid > of use of needauth converters' and unchecked 'Use needauth option'. Then I > opened a LyX doc with a gnuplot script. Result: LyX tried to run the script > due to the preview, without asking

Re: Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-18 Thread Richard Heck
On 07/19/2017 01:48 AM, Christian Ridderström wrote: > > On 18 July 2017 at 23:49, Jean-Marc Lasgouttes > wrote: > > On 18/07/2017 at 23:42, Christian Ridderström wrote: > > I think the default should be secure, and that the user

Going into dangerous mode (Was: Can shell-escape take advantage of needauth framework?)

2017-07-18 Thread Christian Ridderström
On 18 July 2017 at 23:49, Jean-Marc Lasgouttes wrote: > On 18/07/2017 at 23:42, Christian Ridderström wrote: > >> I think the default should be secure, and that the user should have to do >> something actively to go into a dangerous mode. >> > > Well, since you consider

Re: Can shell-escape take advantage of needauth framework?

2017-07-18 Thread Guillaume MM
On 18/07/2017 at 23:27, Jean-Marc Lasgouttes wrote: On 18/07/2017 at 23:24, Christian Ridderström wrote: The threat model is one important aspect, but it's difficult for us to know who uses LyX and in which industries. Or how many users there are at all. And how many of them that use

Re: Can shell-escape take advantage of needauth framework?

2017-07-18 Thread Jean-Marc Lasgouttes
On 18/07/2017 at 23:24, Christian Ridderström wrote: The threat model is one important aspect, but it's difficult for us to know who uses LyX and in which industries. Or how many users there are at all. And how many of them that use converters. If we can achieve good security we don't need

Re: Can shell-escape take advantage of needauth framework?

2017-07-18 Thread Christian Ridderström
On 18 July 2017 at 22:09, Jean-Marc Lasgouttes wrote: > On 18/07/2017 at 21:50, Christian Ridderström wrote: > >> That you argue this way makes me sad.. and embarrassed/ashamed on behalf >> of the project. I could counter all your points in the paragraph above, >> but I

Re: Can shell-escape take advantage of needauth framework?

2017-07-18 Thread Jean-Marc Lasgouttes
On 18/07/2017 at 21:50, Christian Ridderström wrote: That you argue this way makes me sad.. and embarrassed/ashamed on behalf of the project. I could counter all your points in the paragraph above, but I worry it's a waste of time and to be perfectly honest I'm a little too upset right now

Re: Can shell-escape take advantage of needauth framework?

2017-07-18 Thread Christian Ridderström
On 18 July 2017 at 21:15, Jean-Marc Lasgouttes wrote: > On 18/07/2017 at 19:46, Christian Ridderström wrote: > >> I just did a test with gnuplot. In the LyX settings I had unchecked >> 'Forbid of use of needauth converters' and unchecked 'Use needauth option'. >> Then I

Re: Can shell-escape take advantage of needauth framework?

2017-07-18 Thread Jean-Marc Lasgouttes
On 18/07/2017 at 19:46, Christian Ridderström wrote: I just did a test with gnuplot. In the LyX settings I had unchecked 'Forbid of use of needauth converters' and unchecked 'Use needauth option'. Then I opened a LyX doc with a gnuplot script. Result: LyX tried to run the script due to the

Re: Can shell-escape take advantage of needauth framework?

2017-07-18 Thread Christian Ridderström
On 18 July 2017 at 11:32, Guillaume MM wrote: > Once it is in, then it >>> has to be supported forever, I believe there is an agreement about this. >>> >> >> I wouldn't say this in absolute terms, but I would agree that there's >> lots of hesitation before removing a feature, and

Re: Can shell-escape take advantage of needauth framework?

2017-07-18 Thread Guillaume MM
On 18/07/2017 at 09:07, Scott Kostyshak wrote: On the contrary, if preview never uses needauth converters, is it as useful in cases like gnuplot? By "it" do you mean the external template? Yes Once it is in, then it has to be supported forever, I believe there is an agreement about this.

Re: Can shell-escape take advantage of needauth framework?

2017-07-18 Thread Enrico Forestieri
On Tue, Jul 18, 2017 at 03:06:57AM -0400, Scott Kostyshak wrote: > On Mon, Jul 17, 2017 at 02:14:39PM +0200, Enrico Forestieri wrote: > > On Mon, Jul 17, 2017 at 07:14:07AM +0200, Guillaume MM wrote: > > > > > > But besides that I agree with your suggestions. Thanks again for > > > spending your

Re: Can shell-escape take advantage of needauth framework?

2017-07-18 Thread Jean-Marc Lasgouttes
On 18/07/2017 at 09:07, Scott Kostyshak wrote: I was thinking about it from a different angle. I was only focused on what I thought was most secure, without even considering usability. As I mentioned in the thread asking for votes, I believe that we should focus completely on what is the most

Re: Can shell-escape take advantage of needauth framework?

2017-07-18 Thread Jean-Marc Lasgouttes
On 18/07/2017 at 09:07, Scott Kostyshak wrote: Once it is in, then it has to be supported forever, I believe there is an agreement about this. I wouldn't say this in absolute terms, but I would agree that there's lots of hesitation before removing a feature, and that hesitation only

Re: Can shell-escape take advantage of needauth framework?

2017-07-18 Thread Scott Kostyshak
On Mon, Jul 17, 2017 at 07:14:07AM +0200, Guillaume MM wrote: > On 05/07/2017 at 06:54, Scott Kostyshak wrote: > > On Wed, Jun 28, 2017 at 02:37:41PM +0200, Guillaume MM wrote: > > > On 27/06/2017 at 21:00, Scott Kostyshak wrote: > > > > > > > > Where I > > > > think there is disagreement is

Re: Can shell-escape take advantage of needauth framework?

2017-07-18 Thread Scott Kostyshak
On Mon, Jul 17, 2017 at 06:55:14AM +0200, Guillaume MM wrote: > Hi Scott, > > Sorry for the delay. I was very busy over the past > two weeks. No problem. > On 05/07/2017 at 06:54, Scott Kostyshak wrote: > > On Wed, Jun 28, 2017 at 02:36:49PM +0200, Guillaume MM wrote: > > > Le 27/06/2017 à

Re: Can shell-escape take advantage of needauth framework?

2017-07-18 Thread Scott Kostyshak
On Mon, Jul 17, 2017 at 02:14:39PM +0200, Enrico Forestieri wrote: > On Mon, Jul 17, 2017 at 07:14:07AM +0200, Guillaume MM wrote: > > > > But besides that I agree with your suggestions. Thanks again for > > spending your time looking into this issue with so much care. > > Yes, it seems that

Re: Can shell-escape take advantage of needauth framework?

2017-07-17 Thread Enrico Forestieri
On Mon, Jul 17, 2017 at 07:14:07AM +0200, Guillaume MM wrote: > > But besides that I agree with your suggestions. Thanks again for > spending your time looking into this issue with so much care. Yes, it seems that Scott can be easily convinced by your constructed arguments. "There is a bomb

Re: Can shell-escape take advantage of needauth framework?

2017-07-16 Thread Guillaume MM
On 05/07/2017 at 06:54, Scott Kostyshak wrote: On Wed, Jun 28, 2017 at 02:37:41PM +0200, Guillaume MM wrote: On 27/06/2017 at 21:00, Scott Kostyshak wrote: Where I think there is disagreement is on whether we take a paternalistic approach of "are you sure you know what you're doing? Think

Re: Can shell-escape take advantage of needauth framework?

2017-07-16 Thread Guillaume MM
Hi Scott, Sorry for the delay. I was very busy over the past two weeks. On 05/07/2017 at 06:54, Scott Kostyshak wrote: On Wed, Jun 28, 2017 at 02:36:49PM +0200, Guillaume MM wrote: On 27/06/2017 at 23:45, Tommaso Cucinotta wrote: needauth was an urgently needed mitigation of the security

Re: Can shell-escape take advantage of needauth framework?

2017-07-06 Thread Scott Kostyshak
On Thu, Jul 06, 2017 at 11:39:50PM +0200, Enrico Forestieri wrote: > Then, I fear that whatever I say is ineffective. > http://fablesofaesop.com/the-wolf-and-the-lamb.html I'm really sorry you feel that way (I know this sounds insincere and cliché, but this is how I feel). Scott

Re: Can shell-escape take advantage of needauth framework?

2017-07-06 Thread Enrico Forestieri
On Thu, Jul 06, 2017 at 04:20:43PM -0400, Scott Kostyshak wrote: > On Thu, Jul 06, 2017 at 04:03:11PM +0200, Enrico Forestieri wrote: > > > Trying to separate these issues is hypocritical and discriminatory. > > I do not think it necessarily has to be hypocritical or discriminatory. >

Re: Can shell-escape take advantage of needauth framework?

2017-07-06 Thread Scott Kostyshak
On Thu, Jul 06, 2017 at 04:03:11PM +0200, Enrico Forestieri wrote: > On Wed, Jul 05, 2017 at 12:54:20AM -0400, Scott Kostyshak wrote: > > > On Tue, Jun 27, 2017 at 09:26:30PM +0200, Enrico Forestieri wrote: > > > > > I don't think that reverting is in discussion here > > > > It is as long as

Re: Can shell-escape take advantage of needauth framework?

2017-07-06 Thread Enrico Forestieri
On Wed, Jul 05, 2017 at 12:54:20AM -0400, Scott Kostyshak wrote: > On Tue, Jun 27, 2017 at 09:26:30PM +0200, Enrico Forestieri wrote: > > > I don't think that reverting is in discussion here > > It is as long as even one LyX developer proposes it. Ok. Then, I find it unfair not discussing the

Re: Can shell-escape take advantage of needauth framework?

2017-07-05 Thread Jean-Marc Lasgouttes
On 05/07/2017 at 06:54, Scott Kostyshak wrote: Moving on to the section <> I think that (1) - (3) all fail this. Preferences and sessions files are stored in plain text that can be easily edited. I think we could improve this by storing them somewhere else where the user doesn't have

Re: Can shell-escape take advantage of needauth framework?

2017-07-04 Thread Scott Kostyshak
On Wed, Jun 28, 2017 at 02:36:49PM +0200, Guillaume MM wrote: > On 27/06/2017 at 23:45, Tommaso Cucinotta wrote: > > > > needauth was an urgently needed mitigation of the security issues behind > > running > > arbitrary external tools when compiling LyX documents; a more engineered > > remedy >

Re: Can shell-escape take advantage of needauth framework?

2017-07-04 Thread Scott Kostyshak
On Tue, Jun 27, 2017 at 09:26:30PM +0200, Enrico Forestieri wrote: > I don't think that reverting is in discussion here It is as long as even one LyX developer proposes it. Scott

Re: Can shell-escape take advantage of needauth framework?

2017-07-04 Thread Scott Kostyshak
On Wed, Jun 28, 2017 at 02:37:41PM +0200, Guillaume MM wrote: > On 27/06/2017 at 21:00, Scott Kostyshak wrote: > > > > Where I > > think there is disagreement is on whether we take a paternalistic > > approach of "are you sure you know what you're doing? Think very hard > > about this before

Re: Can shell-escape take advantage of needauth framework?

2017-06-28 Thread Enrico Forestieri
On Wed, Jun 28, 2017 at 02:36:49PM +0200, Guillaume MM wrote: > + Specificity: only gnuplot is given elevated privileges, which is what > the user wants. So, what? A system("whatever you want here") can be issued from a gnuplot script. Then, one could say about shell-escape: + Specificity: only

Re: Can shell-escape take advantage of needauth framework?

2017-06-28 Thread Guillaume MM
On 27/06/2017 at 21:00, Scott Kostyshak wrote: Where I think there is disagreement is on whether we take a paternalistic approach of "are you sure you know what you're doing? Think very hard about this before you do it" or a lax approach of allowing users to shoot themselves in the foot.

Re: Can shell-escape take advantage of needauth framework?

2017-06-28 Thread Guillaume MM
On 27/06/2017 at 23:45, Tommaso Cucinotta wrote: needauth was an urgently needed mitigation of the security issues behind running arbitrary external tools when compiling LyX documents; a more engineered remedy AFAICR was actually the use of sandboxing machineries, which was prototyped on

Re: Can shell-escape take advantage of needauth framework?

2017-06-27 Thread Enrico Forestieri
On Wed, Jun 28, 2017 at 12:25:58AM +0200, Tommaso Cucinotta wrote: > On 28/06/2017 00:02, Enrico Forestieri wrote: > > ...and those converters can execute > > arbitrary commands, > > just to be sure, I just double-checked that on current trunk, without any > settings in one's ~/.lyx/, the default

Re: Can shell-escape take advantage of needauth framework?

2017-06-27 Thread Tommaso Cucinotta
On 28/06/2017 00:02, Enrico Forestieri wrote: ...and those converters can execute arbitrary commands, just to be sure, I just double-checked that on current trunk, without any settings in one's ~/.lyx/, the default behavior will be "Forbid use of needauth converters", so any of those

Re: Can shell-escape take advantage of needauth framework?

2017-06-27 Thread Enrico Forestieri
On Tue, Jun 27, 2017 at 03:00:37PM -0400, Scott Kostyshak wrote: > On Tue, Jun 27, 2017 at 03:33:12PM +0200, Guillaume MM wrote: > > > > I find that the enhancement request came in a bit late in the 2.3 > > release process for such a sensitive issue, and that 2.3 already > > improves the situation

Re: Can shell-escape take advantage of needauth framework?

2017-06-27 Thread Enrico Forestieri
On Tue, Jun 27, 2017 at 11:45:56PM +0200, Tommaso Cucinotta wrote: > On 20/06/2017 02:43, Guillaume MM wrote: > > One must look at the > > big picture and see that adding an authorization mechanism for arbitrary > > execution of commands is absurd when its sole purpose is to call an > > external

Re: Can shell-escape take advantage of needauth framework?

2017-06-27 Thread Tommaso Cucinotta
On 20/06/2017 02:43, Guillaume MM wrote: One must look at the big picture and see that adding an authorization mechanism for arbitrary execution of commands is absurd when its sole purpose is to call an external tool from within LaTeX. needauth was an urgently needed mitigation of the security

Re: Can shell-escape take advantage of needauth framework?

2017-06-27 Thread Enrico Forestieri
On Tue, Jun 27, 2017 at 03:00:37PM -0400, Scott Kostyshak wrote: > On Tue, Jun 27, 2017 at 03:33:12PM +0200, Guillaume MM wrote: > > > > I find that the enhancement request came in a bit late in the 2.3 > > release process for such a sensitive issue, and that 2.3 already > > improves the

Re: Can shell-escape take advantage of needauth framework?

2017-06-27 Thread Scott Kostyshak
On Tue, Jun 27, 2017 at 03:33:12PM +0200, Guillaume MM wrote: > Hi Scott, > > Le 25/06/2017 à 22:41, Scott Kostyshak a écrit : > > > > Judging by the comments of gpoore, we do not want to wait for this for > > 2.3.0. But this does affect the discussion of what to do for 2.3.0, > > since we might

Re: Can shell-escape take advantage of needauth framework?

2017-06-27 Thread Enrico Forestieri
On Tue, Jun 27, 2017 at 03:33:12PM +0200, Guillaume MM wrote: > > I find that the enhancement request came in a bit late in the 2.3 > release process for such a sensitive issue, and that 2.3 already > improves the situation with the needauth mechanism. So, if we conclude > that an implementation

Re: Can shell-escape take advantage of needauth framework?

2017-06-27 Thread Guillaume MM
Hi Scott, On 25/06/2017 at 22:41, Scott Kostyshak wrote: Judging by the comments of gpoore, we do not want to wait for this for 2.3.0. But this does affect the discussion of what to do for 2.3.0, since we might not want to introduce a workflow in 2.3.0 that we will change soon after. I

Re: Can shell-escape take advantage of needauth framework?

2017-06-25 Thread Scott Kostyshak
On Sun, Jun 25, 2017 at 02:54:29PM +0200, Jürgen Spitzmüller wrote: > On Sunday, 25.06.2017, 13:53 +0200, Guillaume MM wrote: > > > While I believe that the question of providing the package most > > > popular > > > at a certain point in time vs. a good enough implementation is > > >

Re: Can shell-escape take advantage of needauth framework?

2017-06-25 Thread Jürgen Spitzmüller
On Sunday, 25.06.2017, 13:53 +0200, Guillaume MM wrote: > > While I believe that the question of providing the package most > > popular > > at a certain point in time vs. a good enough implementation is > > secondary > > to security implications, I also inquired at > >

Re: Can shell-escape take advantage of needauth framework?

2017-06-25 Thread Guillaume MM
On 21/06/2017 at 07:15, Guillaume MM wrote: While I believe that the question of providing the package most popular at a certain point in time vs. a good enough implementation is secondary to security implications, I also inquired at whether it

Re: Can shell-escape take advantage of needauth framework?

2017-06-21 Thread Jürgen Spitzmüller
2017-06-21 10:16 GMT+02:00 Jean-Marc Lasgouttes : > We could try something in the status bar. > I also thought about this, and I would prefer it much over a toolbar button. Jürgen > > JMarc >

Re: Can shell-escape take advantage of needauth framework?

2017-06-21 Thread Jean-Marc Lasgouttes
On 21/06/2017 at 07:15, Guillaume MM wrote: I disagree. I think that this toolbar button even more promotes the option to enable a potentially risky feature. I am not sure what you mean, but to be clear, adding visual feedback and the ability to revoke permissions solves some of needauth's

Re: Can shell-escape take advantage of needauth framework?

2017-06-20 Thread Guillaume MM
On 20/06/2017 at 09:54, Jürgen Spitzmüller wrote: 2017-06-20 2:43 GMT+02:00 Guillaume MM: ... An alternative is provided by the possibility to add pygmentize to the list of "trusted commands", but this is something users need to do themselves. This is

Re: Can shell-escape take advantage of needauth framework?

2017-06-20 Thread Enrico Forestieri
On Tue, Jun 20, 2017 at 08:48:20PM +0200, Jürgen Spitzmüller wrote: > On Tuesday, 20.06.2017, 20:29 +0200, Enrico Forestieri wrote: > > Ok, so you want to support shell-escape only for supported packages. > > The next iteration of the patch attached here allows this only for > > documents

Re: Can shell-escape take advantage of needauth framework?

2017-06-20 Thread Enrico Forestieri
On Tue, Jun 20, 2017 at 03:44:10PM -0400, Richard Heck wrote: > On 06/20/2017 02:48 PM, Jürgen Spitzmüller wrote: > > On Tuesday, 20.06.2017, 20:29 +0200, Enrico Forestieri wrote: > >> Ok, so you want to support shell-escape only for supported packages. > >> The next iteration of the patch

Re: Can shell-escape take advantage of needauth framework?

2017-06-20 Thread Richard Heck
On 06/20/2017 02:48 PM, Jürgen Spitzmüller wrote: > On Tuesday, 20.06.2017, 20:29 +0200, Enrico Forestieri wrote: >> Ok, so you want to support shell-escape only for supported packages. >> The next iteration of the patch attached here allows this only for >> documents actually using minted.

Re: Can shell-escape take advantage of needauth framework?

2017-06-20 Thread Jürgen Spitzmüller
On Tuesday, 20.06.2017, 20:29 +0200, Enrico Forestieri wrote: > Ok, so you want to support shell-escape only for supported packages. > The next iteration of the patch attached here allows this only for > documents actually using minted. When all minted listings are removed > from the

Re: Can shell-escape take advantage of needauth framework?

2017-06-20 Thread Enrico Forestieri
On Tue, Jun 20, 2017 at 09:26:53AM +0200, Jürgen Spitzmüller wrote: > 2017-06-19 21:00 GMT+02:00 Enrico Forestieri: > > > Are you able to tell that you need -shell-escape for the attached > > document? > > > > No, but this is not a natively supported feature (as opposed to

Re: Can shell-escape take advantage of needauth framework?

2017-06-20 Thread Jürgen Spitzmüller
2017-06-20 2:43 GMT+02:00 Guillaume MM: > If I understand correctly, this is the latest proposal for hard-wiring > the "-shell-escape" option when running the child latex processes, so I > will comment on this one. But I could write almost the same for all the > other proposals I

Re: Can shell-escape take advantage of needauth framework?

2017-06-20 Thread Jürgen Spitzmüller
2017-06-19 21:00 GMT+02:00 Enrico Forestieri: > Are you able to tell that you need -shell-escape for the attached > document? > No, but this is not a natively supported feature (as opposed to minted). Jürgen > > -- > Enrico >

Re: Can shell-escape take advantage of needauth framework?

2017-06-19 Thread Enrico Forestieri
On Tue, Jun 20, 2017 at 02:43:58AM +0200, Guillaume MM wrote: > On 19/06/2017 at 15:39, Enrico Forestieri wrote: > > On Mon, Jun 19, 2017 at 06:39:22AM +0200, Jürgen Spitzmüller wrote: > > > > > On Sunday, 18.06.2017, 19:56 +0200, Enrico Forestieri wrote: > > > > > I think we need to

Re: Can shell-escape take advantage of needauth framework?

2017-06-19 Thread Guillaume MM
On 19/06/2017 at 15:39, Enrico Forestieri wrote: On Mon, Jun 19, 2017 at 06:39:22AM +0200, Jürgen Spitzmüller wrote: On Sunday, 18.06.2017, 19:56 +0200, Enrico Forestieri wrote: I think we need to provide an option to add -shell-escape only to specific documents and only on the given

Re: Can shell-escape take advantage of needauth framework?

2017-06-19 Thread Enrico Forestieri
On Mon, Jun 19, 2017 at 09:00:33PM +0200, Enrico Forestieri wrote: > On Mon, Jun 19, 2017 at 08:57:00PM +0200, Jürgen Spitzmüller wrote: > > > On Monday, 19.06.2017, 20:33 +0200, Enrico Forestieri wrote: > > > Because we don't know whether it's needed? > > > > Why not? Can't we define

Re: Can shell-escape take advantage of needauth framework?

2017-06-19 Thread Enrico Forestieri
On Mon, Jun 19, 2017 at 08:57:00PM +0200, Jürgen Spitzmüller wrote: > On Monday, 19.06.2017, 20:33 +0200, Enrico Forestieri wrote: > > Because we don't know whether it's needed? > > Why not? Can't we define that? Are you able to tell that you need -shell-escape for the attached document?

Re: Can shell-escape take advantage of needauth framework?

2017-06-19 Thread Jürgen Spitzmüller
On Monday, 19.06.2017, 20:33 +0200, Enrico Forestieri wrote: > Because we don't know whether it's needed? Why not? Can't we define that? Jürgen

Re: Can shell-escape take advantage of needauth framework?

2017-06-19 Thread Enrico Forestieri
On Mon, Jun 19, 2017 at 07:54:03PM +0200, Jürgen Spitzmüller wrote: > > Again: Why do we need the toolbar button? Why not let the document > itself ask for shell-escaping, depending on the need for that (e.g., > minted)? Because we don't know whether it's needed? -- Enrico

Re: Can shell-escape take advantage of needauth framework?

2017-06-19 Thread Jürgen Spitzmüller
On Monday, 19.06.2017, 15:39 +0200, Enrico Forestieri wrote: > Sorry, it was not clear to me what you meant. Here is a patch > following > this strategy. > > - We never store in the document the need for -shell-escape. > - When the user checks the toolbar button and then runs a latex >

Re: Can shell-escape take advantage of needauth framework?

2017-06-19 Thread Enrico Forestieri
On Mon, Jun 19, 2017 at 06:39:22AM +0200, Jürgen Spitzmüller wrote: > On Sunday, 18.06.2017, 19:56 +0200, Enrico Forestieri wrote: > > > I think we need to provide an option to add -shell-escape only to > > > specific documents and only on the given machine. This prevents > > > sending > >

Re: Can shell-escape take advantage of needauth framework?

2017-06-18 Thread Scott Kostyshak
On Sun, Jun 18, 2017 at 10:00:02PM -0400, Richard Heck wrote: > And not too late for a format change for something so important, > though that's Scott's call. I'm fine with that. I want to hear from Guillaume before any patch goes in, but there will be time for that before beta. Scott