Le 05/07/2017 à 06:59, Scott Kostyshak a écrit :
Dear all,
This is an important topic since it involves security. I'd appreciate it
if you spent some time on understanding the issue.
Since this seems to be blocking for beta, I will risk a (cautious) foot
on the minefield.
It does not seems to me at first that minted is a must have feature, but
if people who know tell me that it is one, I'll believe it. Anyway, we
have to see what to do with LaTeX features that require write18 for
whatever reason. I see no reason why these should be more dangerous than
exernal programs like gnuplot/sweave/knitr.
To be frank, I refrained as long as possible to discuss the security
issues related to sweave because I did need the feature %-] But of
course I cannot deny that something has to be done.
I see three options for what to do about the minted + shell-escape
issue:
1. Revert the recently added minted support.
2. Keep the current state of master.
3. Apply the patch at [1] (also attached for convenience).
We do not have unanimous agreement on what to do and I would like to
have a vote, since this topic involves security.
What I would like to see is a generic version of patch [1] that does not
hardcode minted. Buffer::validate can be extended to set a "needauth"
flag. For UI's sake, it could also add a description of the element that
triggered it (here minted).
Then minted would be treated on the same level as gnuplot/sweave/knitr,
and the real problem would be the only meaningful one: how to implement
these security checks efficiently. I have unfortunately no insight on this.
Another relevant piece of news is that the minted author is interested
in making it so -shell-escape is not needed [2]. That work could be done
in minted within a few months (see the Github issue for details), and
perhaps we could incorporate this into LyX 2.4.0.
I do not think that minted in itself is relevant here. My point is that
shell-escape should be treated in the needauth framework.
JMarc
