On 28/06/2017 00:02, Enrico Forestieri wrote:
> ...and those converters can execute arbitrary commands,

just to be sure, I just double-checked that on current trunk, without any settings in one's ~/.lyx/, the default behavior will be "Forbid use of needauth converters", so any of those dangerous ones would be disabled by default.

As for shell-escape, I couldn't go through the whole thread yet, but it seems very related, so it makes sense to be added as well. Whether in this release or next one, it's all up to the release master, though!

AFAICS, a reasonable (needauth-alike) behavior seems:

- a document-specific setting tagging the document as one needing to run latex with -shell-escape
- only when trying to run latex (or pdflatex, if it supports -shell-escape, or others), at the first attempt, trigger similar security questions as for needauth:
  a) the document needs to be compiled with this potentially harmful option, are you sure you want to do that? (y)es, (a)lways for this doc, (n)o [(r)un without shell-escape?]
  b) have another set of settings similar to needauth ones (or re-use them?) that disable the question by default, so the user cannot choose (y)es unless they explicitly change the settings
- if one just opens the .lyx, makes edits, but never previews, nor needs to run latex, then no question pops up.

Just quick thoughts, though.

Good night.

T.
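
Added example, not part of the original message and not LyX code: a small C++ model of the prompt flow sketched above. All type and function names are hypothetical; aborting under the Forbid setting and keeping the (a)lways answer in local user state rather than in the .lyx file are assumptions of this sketch.

```cpp
#include <cstdio>
#include <functional>

// Hypothetical names throughout; this models the proposal, not LyX internals.
enum class Policy { Forbid, Ask };   // global preference; Forbid is the default
enum class Answer { Yes, Always, No, RunWithout };
enum class Action { Abort, RunPlain, RunShellEscape };

struct Document {
    bool wants_shell_escape = false; // document-specific tag, read from the file
    // Assumption: remembered per user, never read from the document itself,
    // otherwise a received file could arrive already "trusted".
    bool always_allowed = false;
};

// Called only when latex is about to run. Opening or editing a document
// never reaches this function, so no question pops up in that case.
Action on_compile(Document& doc, Policy policy,
                  const std::function<Answer()>& ask_user)
{
    if (!doc.wants_shell_escape)
        return Action::RunPlain;        // ordinary document, nothing to ask
    if (policy == Policy::Forbid)
        return Action::Abort;           // question disabled, (y)es unreachable
    if (doc.always_allowed)
        return Action::RunShellEscape;  // user answered (a)lways earlier
    switch (ask_user()) {
    case Answer::Yes:        return Action::RunShellEscape;
    case Answer::Always:     doc.always_allowed = true;
                             return Action::RunShellEscape;
    case Answer::RunWithout: return Action::RunPlain;
    case Answer::No:         break;
    }
    return Action::Abort;
}

int main()
{
    Document doc;
    doc.wants_shell_escape = true;      // constructed sample document
    Action a = on_compile(doc, Policy::Forbid, [] { return Answer::Yes; });
    std::printf("default policy: %s\n",
                a == Action::Abort ? "refused without asking" : "ran");
    return 0;
}
```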