>
> Feasible idea #3
>
> I still think something should be done about the fact that a user can
> open a LyX file that someone posted asking for help, compile, and have
> all of his/her $HOME files uploaded/deleted. This is because of the
> knitr/Sweave module (and an inset can be easily closed and hidden).
> The user should be notified whenever a file has a "dangerous" module
> for the first time. Richard had a good idea for solving the security
> issue but not being intrusive (= only warning a user once per file
> even if that file is subsequently changed). I believe it is
> complicated enough for a GSoC but I don't think other LyX devels are
> as interested in this being implemented as I am.
I have only used R a few times, and was not aware that it runs without
restrictions. That's pretty scary...
So IMHO this should be fixed in R and not in LyX, if possible.
Unfortunately, I was not able to find a way to search the mailing list
archive of the R-devel mailing list, and I'm not familiar with the
community. However, I've found two efforts to make R more secure:
* RAppArmor: Use Linux' AppArmor to restrict R:
http://arxiv.org/pdf/1303.4808
* R in the JVM: Take advantage of the JVM's sandboxing:
http://code.google.com/p/renjin/
The former link is a technical report that has just been published (Nov.
2013), so the code is likely not yet ready for a release.
The latter link is also work in progress, but it seems to be coming along
well; a first release may come out soon. I think it's the better choice for
LyX as it is not platform dependent.
Based on this, we could give the user three choices when finding a file
that uses R (via knitr or sweave):
* Trust the R code by running the script natively. Warn the user that the
code could potentially destroy data.
* Run restricted R (once Renjin is released). Requires a JVM installation,
and may not be compatible with all R modules.
* I'm scared! Do not open the file.
--
Regards,
Cyrille Artho - http://artho.com/
Give a man a fish, and you feed him for a day.
Teach a man to fish, and he'll invite himself over for dinner.
-- Calvin Keegan
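As an added illustration of the check discussed in this thread (not code from LyX, Renjin, RAppArmor or any poster here): a pre-open scan that detects whether a .lyx file enables a module that executes code at compile time, and a trust store that asks the user once per file path and remembers the answer even after the file changes, with the three choices proposed above. It assumes the LyX header lists enabled modules one per line between `\begin_modules` and `\end_modules`, that the module names are `sweave` and `knitr`, and that a `refuse` answer should not be remembered (so the user is asked again next time); the sample documents are constructed.

```python
"""Pre-open check for LyX files whose modules run code at compile time.
Added example, not part of LyX; module names and header layout are assumptions."""
import json
import os
import re
import tempfile

# Assumption: these LyX module names pull in code execution via R.
CODE_EXECUTING_MODULES = {"sweave", "knitr"}

# Assumption: modules are listed one per line inside this header block.
_MODULES_RE = re.compile(r"\\begin_modules\s*\n(.*?)\\end_modules", re.S)

# The three choices from the thread: run natively, run sandboxed, or do not open.
CHOICES = ("trust", "restricted", "refuse")


def dangerous_modules(lyx_text: str) -> set:
    """Return the code-executing modules enabled in the document header."""
    match = _MODULES_RE.search(lyx_text)
    if not match:
        return set()
    names = {ln.strip().lower() for ln in match.group(1).splitlines() if ln.strip()}
    return names & CODE_EXECUTING_MODULES


class TrustStore:
    """Warn once per file path, not per content hash, so that editing the file
    later does not re-trigger the warning (the non-intrusive variant described
    in the thread). Decisions are persisted as JSON; 'refuse' is not stored."""

    def __init__(self, store_path: str):
        self.store_path = store_path
        try:
            with open(store_path) as fh:
                self.decisions = json.load(fh)
        except (OSError, ValueError):
            self.decisions = {}

    def decide(self, lyx_path: str, lyx_text: str, ask) -> str:
        """ask(sorted_module_names) -> one of CHOICES; called at most once per path."""
        mods = dangerous_modules(lyx_text)
        if not mods:
            return "trust"  # nothing in the header executes at compile time
        key = os.path.abspath(lyx_path)
        if key in self.decisions:
            return self.decisions[key]
        choice = ask(sorted(mods))
        if choice not in CHOICES:
            raise ValueError("unknown choice %r" % (choice,))
        if choice != "refuse":
            self.decisions[key] = choice
            with open(self.store_path, "w") as fh:
                json.dump(self.decisions, fh)
        return choice


# Constructed sample documents (raw strings: '\b' would otherwise be a backspace).
SAFE_DOC = r"""#LyX 2.0 created this file.
\lyxformat 413
\begin_document
\begin_header
\textclass article
\end_header
\begin_body
\end_body
\end_document
"""

KNITR_DOC = r"""#LyX 2.0 created this file.
\lyxformat 413
\begin_document
\begin_header
\textclass article
\begin_modules
knitr
\end_modules
\end_header
\begin_body
\end_body
\end_document
"""


def demo():
    """Exercise the store with a scripted user who picks 'restricted'."""
    store = TrustStore(os.path.join(tempfile.mkdtemp(), "trust.json"))
    prompts = []

    def ask(mods):
        prompts.append(mods)
        return "restricted"

    first = store.decide("help.lyx", KNITR_DOC, ask)
    # Same path, edited content: no second prompt, same decision.
    second = store.decide("help.lyx", KNITR_DOC + "\n% edited later\n", ask)
    safe = store.decide("notes.lyx", SAFE_DOC, ask)
    return first, second, safe, prompts


if __name__ == "__main__":
    print(demo())
```

Keying the store on the absolute path rather than a content hash is what makes the warning fire only once per file; the trade-off is that a file replaced in place with new dangerous content inherits the old decision, which is exactly the "not intrusive" behaviour the thread asks for and should be stated to the user when they choose `trust`.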