Let me just wrap this up then...
I think the current approaches to R security are not quite ready yet, and a project related to that would be a project about R, not LyX.

However, simply issuing a warning when R scripts are present is IMHO too trivial for a GSoC project.

We could include small things like that if we are thinking about participating in Google Code-In instead. (I have never participated in that, but GCI would be useful if we have many small tasks, including things not related to code such as icon design, documentation, translation, etc.).

Scott Kostyshak wrote:
On Thu, Feb 6, 2014 at 7:07 PM, Cyrille Artho <c.ar...@aist.go.jp> wrote:

Feasible idea #3

I still think something should be done about the fact that a user can
open a LyX file that someone posted asking for help, compile, and have
all of his/her $HOME files uploaded/deleted. This is because of the
knitr/Sweave module (and an inset can be easily closed and hidden).
The user should be notified whenever a file has a "dangerous" module
for the first time. Richard had a good idea for solving the security
issue but not being intrusive (= only warning a user once per file
even if that file is subsequently changed). I believe it is
complicated enough for a GSoC but I don't think other LyX devels are
as interested in this being implemented as I am.

I have only used R a few times, and was not aware that it runs without
restrictions. That's pretty scary...

So IMHO this should be fixed in R and not in LyX, if possible.

I haven't seen a completed and easy way to implement this (see more below).

Unfortunately, I was not able to find a way to search the mailing list
archive of the R-devel mailing list, and I'm not familiar with the
community. However, I've found two efforts to make R more secure:

* RAppArmor: Use Linux' AppArmor to restrict R:

   http://arxiv.org/pdf/1303.4808

* R in the JVM: Take advantage of the JVM's sandboxing:

   http://code.google.com/p/renjin/

The former link is a technical report that has just been published (Nov.
2013), so the code is likely not yet ready for a release.

The latter link is also work in progress, but it seems to be coming along
well; a first release may come out soon. I think it's the better choice for
LyX as it is not platform dependent.

Here are more relevant links:

http://r.789695.n4.nabble.com/Scanning-a-R-script-for-potentially-insidious-commands-td4653507.html

https://github.com/Rapporter/sandboxR

https://github.com/jeroenooms/RAppArmor


Based on this, we could give the user three choices when finding a file that
uses R (via knitr or sweave):

* Trust the R code by running the script natively. Warn the user that the
code could potentially destroy data.

* Run restricted R (once Renjin is released). Requires a JVM installation,
and may not be compatible with all R modules.

* I'm scared! Do not open the file.

If you want, we should continue the conversation in a different
thread. I do not want to hijack this one.

Scott


--
Regards,
Cyrille Artho - http://artho.com/
The more numerous the laws, the more corrupt the government.
                -- Tacitus
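
The warn-once-per-file check discussed in this thread, as an added example (not code from the messages or from LyX): it assumes modules are listed between `\begin_modules` and `\end_modules` in the file header, that `knitr` and `sweave` are the module names to flag, and a hypothetical JSON trust store keyed by file path. It goes one step beyond the thread by warning again when a file gains a dangerous module the user has not yet accepted.

```python
import json
import os

# Assumption: module names that let a document run R code when compiled.
DANGEROUS = {"knitr", "sweave"}

# Constructed sample: minimal LyX header that enables the knitr module.
SAMPLE = "\n".join(["\\begin_document", "\\begin_header", "\\textclass article",
                    "\\begin_modules", "knitr", "\\end_modules", "\\end_header",
                    "\\begin_body", "\\end_body", "\\end_document"])

def dangerous_modules(lyx_text):
    """Return dangerous modules named in the header's \\begin_modules block."""
    found, in_block = set(), False
    for line in (raw.strip() for raw in lyx_text.splitlines()):
        if line == "\\end_header":
            break  # modules are declared in the header only
        if line == "\\begin_modules":
            in_block = True
        elif line == "\\end_modules":
            in_block = False
        elif in_block and line in DANGEROUS:
            found.add(line)
    return found

def _load(store):
    """Read the trust store (hypothetical JSON file), or return an empty one."""
    if not os.path.exists(store):
        return {}
    with open(store) as fh:
        return json.load(fh)

def needs_warning(path, lyx_text, store):
    """True if this file has a dangerous module the user has not yet accepted."""
    accepted = set(_load(store).get(os.path.realpath(path), []))
    return bool(dangerous_modules(lyx_text) - accepted)

def acknowledge(path, lyx_text, store):
    """Record the user's decision, keyed by path so later edits do not re-prompt."""
    seen = _load(store)
    key = os.path.realpath(path)
    seen[key] = sorted(set(seen.get(key, [])) | dangerous_modules(lyx_text))
    with open(store, "w") as fh:
        json.dump(seen, fh)
```

Call `needs_warning` before compiling and `acknowledge` only after the user has chosen to trust the file.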
