On 2017-08-04, Christian Ridderström wrote: Hej Christian,
> Q1: Can postscript (PS) code be embedded in a LyX document in such a way > such that it's parsed when doing a preview, or exporting a document? Not usually. > Q2: Can PS code only be included by embedding a graphics inset referencing > e.g. a .ps-file? This is the normal way. However, raw LaTeX code (ERT, preamble, or a package like pstricks) can write a file with any kind of Postscript code that is then read in as included graphic. > Q3: Would the PS code, in e.g. an external file, be parsed as part of > previewing, or only when exporting? AFAIK, it is parsed for preview in the GUI as well as when opening the LaTeX-generated Postscript document in a viewer (e.g. via View>Postscript). I don't know whether the process of converting to PDF requires full parsing or is safe. > And finally: > Q4: Is PS code able to do system calls when called/parsed in some indirect > manner by LyX? I don't think so. However, Postscript can be used to hack a printer in various ways. https://web-in-security.blogspot.de/2017/01/printer-security.html Microsoft decided to end support for EPS images in MS Office. https://support.office.com/en-us/article/Support-for-EPS-images-has-been-turned-off-in-Office-A069D664-4BCF-415E-A1B5-CBB0C334A840 as of the April 11, 2017, security update. "This change was done in response to active security incidents involving files. EPS files allow embedded scripts, which makes them a means of malicious attack for anyone who inserts an EPS file or opens a document that has an EPS file in it." It may be interesting to find more about the background for this decision... > Depending on the result something should perhaps be added to the wiki page. > /Christian > Note: IIRC PS is Turing complete. As is TeX. Turing completeness does not necessarily mean "dangerous", it depends on the interpreter. Günter
