On 20/06/2017 02:43, Guillaume MM wrote:
> One must look at the big picture and see that adding an authorization mechanism for arbitrary execution of commands is absurd when its sole purpose is to call an external tool from within LaTeX.
needauth was an urgently needed mitigation of the security issues behind running arbitrary external tools when compiling LyX documents; a more engineered remedy AFAICR was actually the use of sandboxing machineries, which was prototyped on Ubuntu/Linux using AppArmor.
> Lastly, I find interesting the idea of a "secure" icon providing visual feedback and the ability to revoke the permissions, and I believe that it could be used to improve the current needauth mechanism.
+1 for completing the current needauth with a revocation means; this can include also a security settings pane where we list the pathnames of all documents in the user's approved permission list, where one can revoke the permission selectively, or even perhaps edit the list and use wildcards (e.g., always grant when I work in /home/tommaso/work/trusted/*)... ok, I went too far :-)

My2c,

T.