On Thu, Feb 6, 2014 at 7:07 PM, Cyrille Artho <c.ar...@aist.go.jp> wrote:
>>
>> Feasible idea #3
>>
>> I still think something should be done about the fact that a user can open a LyX file that someone posted asking for help, compile, and have all of his/her $HOME files uploaded/deleted. This is because of the knitr/Sweave module (and an inset can be easily closed and hidden). The user should be notified whenever a file has a "dangerous" module for the first time. Richard had a good idea for solving the security issue but not being intrusive (= only warning a user once per file even if that file is subsequently changed). I believe it is complicated enough for a GSoC but I don't think other LyX devels are as interested in this being implemented as I am.
>
> I have only used R a few times, and was not aware that it runs without restrictions. That's pretty scary...
>
> So IMHO this should be fixed in R and not in LyX, if possible.

I haven't seen a complete and easy way to implement this (see more below).

> Unfortunately, I was not able to find a way to search the mailing list archive of the R-devel mailing list, and I'm not familiar with the community. However, I've found two efforts to make R more secure:
>
> * RAppArmor: Use Linux' AppArmor to restrict R:
>
>   http://arxiv.org/pdf/1303.4808
>
> * R in the JVM: Take advantage of the JVM's sandboxing:
>
>   http://code.google.com/p/renjin/
>
> The former link is a technical report that has just been published (Nov. 2013), so the code is likely not yet ready for a release.
>
> The latter link is also work in progress, but it seems to be coming along well; a first release may come out soon. I think it's the better choice for LyX as it is not platform dependent.

Here are more relevant links:

http://r.789695.n4.nabble.com/Scanning-a-R-script-for-potentially-insidious-commands-td4653507.html
https://github.com/Rapporter/sandboxR
https://github.com/jeroenooms/RAppArmor

> Based on this, we could give the user three choices when finding a file that uses R (via knitr or sweave):
>
> * Trust the R code by running the script natively. Warn the user that the code could potentially destroy data.
>
> * Run restricted R (once Renjin is released). Requires a JVM installation, and may not be compatible with all R modules.
>
> * I'm scared! Do not open the file.

If you want, we should continue the conversation in a different thread. I do not want to hijack this one.

Scott