On 17 Dec. 2016 00:14, Pavel Sanda wrote:
> Helge Hafting wrote:
>> Protection will not be achieved in most cases, because users are used to
> While I agree with what you write in general about security, I do not think
> this is how things were implemented, so in 'most cases' you are wrong.
>
> 1. Unless you make an informed decision and go to the prefs and allow dangerous
>    mode, you will never be asked and nothing will ever run.
>    This covers 99% of lyx users and use cases.

Nice, if nearly nobody uses the unsafe features.

> 3. Chrooting is a nice idea and practically hard to achieve across platforms.

I see - unix only.

>    Many years back when I checked, gnuplot devs were against including 'safe
>    mode' so the disable-write18-in-LaTeX alternative for gnuplot is not
>    in our reach either.

According to http://stackoverflow.com/questions/10937597/security-risks-of-gnuplot-web-interface , gnuplot can be built "safer" by disabling pipe operations. That leaves the unsafe commands "shell", "system" and "!", but a simple shell script using "grep" can check for these 3 commands and refuse to run gnuplot on a file that contains any of them. Is that safe enough?

I can understand that devs might not want to create a "safe gnuplot" because pipes and "shell/system" are useful commands. Apparently they are also against having a --safe-mode switch, even though it wouldn't impact those not using this switch.

There is a safe fork of gnuplot: https://github.com/hletrd/gnuplot-safemode

Helge Hafting
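
The grep check proposed in the message above, written out as an added example (not code from the thread, LyX or gnuplot). The function names, including `safe_gnuplot`, are hypothetical, the sample scripts are constructed, and it assumes a gnuplot build with pipe operations disabled as the message describes.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes gnuplot was built with pipe
# operations disabled, so only "shell", "system" and "!" remain to be filtered.

# Print the logical lines of script $1 that contain one of the three commands.
# sed first joins backslash-continued lines so each command is checked whole.
# The match is deliberately broad: it also hits comments, titles and "!=".
gnuplot_unsafe_lines() {
    sed -e :a -e '/\\$/N; s/\\\n//; ta' "$1" |
        grep -nE '(^|[^[:alnum:]_])(shell|system)([^[:alnum:]_]|$)|!'
}

# 0 = none of the three commands found, 1 = found, 2 = file missing/unreadable.
gnuplot_script_allowed() {
    { [ -f "$1" ] && [ -r "$1" ]; } || return 2
    if gnuplot_unsafe_lines "$1" >/dev/null; then
        return 1
    fi
    return 0
}

# Hypothetical wrapper name: run gnuplot only on scripts that pass the check.
safe_gnuplot() {
    rc=0
    gnuplot_script_allowed "$1" || rc=$?
    case $rc in
        0) gnuplot "$1" ;;
        1) echo "refusing $1, offending lines:" >&2
           gnuplot_unsafe_lines "$1" >&2
           return 1 ;;
        *) echo "cannot read $1" >&2
           return 2 ;;
    esac
}

# Constructed sample scripts (not from the thread) for a quick offline check.
demo_dir=$(mktemp -d)
printf 'set title "demo"\nplot sin(x)\n' > "$demo_dir/clean.gp"
printf 'plot sin(x)\nsystem "date"\n' > "$demo_dir/system.gp"
printf 'plot cos(x)\n! ls\n' > "$demo_dir/bang.gp"
for f in clean system bang; do
    if gnuplot_script_allowed "$demo_dir/$f.gp"; then
        echo "$f.gp: allowed"
    else
        echo "$f.gp: refused"
    fi
done
```

The check is a denylist of the three spellings named in the message and does not parse gnuplot syntax, so it also refuses some harmless scripts, such as one using a `!=` comparison or a title containing the word "system".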


