On Tue, Jun 27, 2017 at 11:45:56PM +0200, Tommaso Cucinotta wrote: > On 20/06/2017 02:43, Guillaume MM wrote: > > One must look at the > > big picture and see that adding an authorization mechanism for arbitrary > > execution of commands is absurd when its sole purpose is to call an > > external tool from within LaTeX. > > needauth was a urgently needed mitigation of the security issues behind > running > arbitrary external tools when compiling LyX documents; a more engineered > remedy > AFAICR was actually the use of sandboxing machineries, which was prototyped on > Ubuntu/Linux using AppArmor.
I actually don't see where the urgency was. We were not distributing dangerous converters. Instead, now we do and those converters can execute arbitrary commands, so needauth is in the same board as shell escape and trying to separate the two issues is only instrumental. My 3c -- Enrico
