Thanks for your thoughts, Ethan, and apologies for the top posting. I'm cc-ing the lyx-devel list to trigger some interaction.

Regards,
Angus

On Thursday 29 April 2004 6:17 pm, Ethan Merritt wrote:
> On Thursday 29 April 2004 08:34 am, you wrote:
> > I'm a developer of LyX (www.lyx.org) and we have been debating
> > whether to add support for gnuplot scripts.
>
> Hi Angus,
>
> I'm a regular LyX user, and I'm on the gnuplot development team.
> I generally generate plots as eps files and include them into LyX
> documents in that form, but I agree it would be a nice feature to
> facilitate inclusion of gnuplot output via one or more of the latex
> terminal variants.
>
> > The LyX user would add a "gnuplot inset", containing the path to
> > the data file containing gnuplot commands, to his document and
> > LyX would automatically initiate the conversion to a
> > LaTeX-friendly format as necessary.
> >
> > That's all fine and dandy, but we're worried about the
> > possibility of lyx documents being hijacked. It's not hard to
> > imagine a gnuplot script containing the line '!rm -rf $HOME/*'.
>
> While in principle I understand your concern, my initial reaction
> is that it is not possible to restrict shell access without
> crippling gnuplot past the point of usability. It is absolutely
> typical, in my experience, for gnuplot to use shell commands
> implicitly via input or output pipes during plot generation.
>
> > I realise that I could write a gnuplot wrapper script that
> > removes the 'dangerous' lines, (Would "sed 's/!/#/'" be enough?)
> > but it would be nice if gnuplot supported this natively.
>
> No, that would not help. If you want to shoot yourself in the
> foot, consider:
>
>     set title `cat "You lose" > ~/.bashrc`
> or
>     plot "< rm -rf ." with impulse
>
> You would have to disable pipes and shell evaluations altogether,
> and that would kill much of the power of using gnuplot.
>
> But what exactly are you trying to protect the user against?
> If you want to be perverse from inside LyX you can already
> create a malicious set of shell commands and save them as
> plain text on top of ~/.bashrc or some other critical file.
>
> Hmmm. Maybe a captive LyX+gnuplot directory tree with
> write access shared by the user and by an otherwise
> unprivileged account (e.g. "nobody")? Then LyX could exec
> gnuplot in a sub-process belonging to "nobody" rather than
> to the user. In fact now that I think of it, you probably can
> do this anyway simply by creating all intermediate output
> in /tmp, and then copying back the resulting *.tex and *.eps
> files into the user's proper directory.
>
> regards,
>
> Ethan
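
Why the sed 's/!/#/' wrapper discussed above is not enough, as an added example (not code from this thread, LyX or gnuplot): a text-only scanner that flags the shell-reaching constructs named in the exchange, run over the three script lines quoted there before and after the sed filter. The function names and the `system` pattern are assumptions added here; the sample lines are only scanned as text, never executed.

```python
import re

# The three script lines quoted in the thread plus one harmless plot.
# They are scanned as text only; nothing here is executed.
SAMPLE = '''!rm -rf $HOME/*
set title `cat "You lose" > ~/.bashrc`
plot "< rm -rf ." with impulse
plot sin(x)
'''

# Ways a gnuplot script can reach the shell. The first four are named in
# the thread; "system" is gnuplot's system command/function (added here).
SHELL_PATTERNS = {
    "shell escape": re.compile(r"^\s*!"),
    "backquote substitution": re.compile(r"`[^`]*`"),
    "input pipe": re.compile(r"""["']\s*<"""),
    "output pipe": re.compile(r"""["']\s*\|"""),
    "system call": re.compile(r"\bsystem\b"),
}

def sed_filter(script):
    """Equivalent of sed 's/!/#/': replace the first '!' on each line."""
    return "\n".join(l.replace("!", "#", 1) for l in script.splitlines())

def strip_comment(line):
    """Drop a trailing '#' comment, ignoring '#' inside quoted strings."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch == "#":
            return line[:i]
    return line

def shell_reach(script):
    """Return (line number, construct) for every shell-reaching construct."""
    findings = []
    for n, raw in enumerate(script.splitlines(), 1):
        line = strip_comment(raw)
        for name, pattern in SHELL_PATTERNS.items():
            if pattern.search(line):
                findings.append((n, name))
    return findings

if __name__ == "__main__":
    print("raw script:      ", shell_reach(SAMPLE))
    print("after sed filter:", shell_reach(sed_filter(SAMPLE)))
```

A scanner like this is only suitable for warning the user before a document's script is run; it does not replace running gnuplot as an unprivileged account in a scratch directory, as suggested above.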