On Wed, Apr 02, 2008 at 09:24:04PM -0500, Bo Peng wrote:
> > I'd simply drop that feature. There is no proper solution possible.
> >
> > Actually, when I think about it...
> > Suppose I bundle a file with relative path
> >
> > "../../../../../../../../../etc/passwd"
> >
> > and open that file with root permissions in LyX.
>
> If your sys admin does this, you should immediately fire him. :-)

Think of the poor Windows guys that run around with admin privileges all day...

> Anyway, you got your point and I agree that it is a sensible policy to
> never write outside of the document directory. That is to say, we keep
> everything we currently have, but when someone tries to unbundle some
> file to a directory outside of the document directory, we disallow
> extraction of the file or ask the user to extract to the document
> directory. In this way
>
> 1. Arbitrary files can be embedded, this allows users to keep their
>    own document directory structure.
> 2. The embed-editing mode will work even if such files are embedded.
> 3. There is no security problem because lyx does not write outside of
>    the document directory when unbundling is requested.
> 4. An easy solution is provided for users to unbundle .lyx file with such
>    files.
>
> I guess this solves all the problems. Any objection?

Well, as long as writing outside is not possible (even after asking yes/no
question, people are too used to simply click on 'Yes' as soon as they see
such a button ;-}). Explicit exporting using a file dialog might be ok,
though..

Andre'
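
The policy discussed in this thread (never write outside the document directory when unbundling), as an added example that is not part of the original message and is not LyX code. The function name `unbundle_target`, the directory `/home/u/doc` and the sample paths are assumptions constructed for illustration; C++17 is assumed.

```cpp
#include <filesystem>
#include <iostream>
#include <optional>
#include <string>

namespace fs = std::filesystem;

// Hypothetical helper, not LyX code: map the path stored for an embedded
// file to an extraction target, or return nullopt if the target would fall
// outside doc_dir. doc_dir is assumed to be an absolute path.
std::optional<fs::path> unbundle_target(const fs::path& doc_dir,
                                        const std::string& embedded) {
    const fs::path rel(embedded);
    // Only relative names are acceptable; reject absolute and rooted paths.
    if (rel.empty() || rel.is_absolute() || rel.has_root_name() ||
        rel.has_root_directory())
        return std::nullopt;

    const fs::path base = doc_dir.lexically_normal();
    // Collapse "." and ".." before comparing, so "figs/../../x" is seen as "../x".
    const fs::path target = (base / rel).lexically_normal();

    // Component-wise comparison: a string prefix test would wrongly accept
    // /home/u/doc-evil as being inside /home/u/doc.
    const fs::path back = target.lexically_relative(base);
    if (back.empty() || back == fs::path(".") ||
        *back.begin() == fs::path(".."))
        return std::nullopt;

    // Purely lexical: a symlink inside doc_dir can still point elsewhere, so
    // resolve the parent directory (fs::weakly_canonical) before writing.
    return target;
}

int main() {
    // Constructed sample inputs; the first is the path quoted in the thread.
    const char* samples[] = {"../../../../../../../../../etc/passwd",
                             "/etc/passwd", "figs/../../doc-evil/x.png",
                             "figs/./plot.png"};
    for (const char* s : samples) {
        auto t = unbundle_target("/home/u/doc", s);
        std::cout << s << " -> "
                  << (t ? t->generic_string() : "REFUSED") << '\n';
    }
}
```

A refusal here has no "Yes" override; an explicit export through a file dialog would be a separate code path that does not go through this check.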