Bo Peng wrote:
The new problems embedding causes are security problems when these files
are unbundled, as Andre has pointed out. And see my private message for an
even worse scenario than his. As Andre said, here there be dragons, and even
if we could solve these problems, would we be sure we'd solved them all?
They are solved right? Because nothing would be written outside of the
document directory?
If you go that way, yes. But then it's unclear why you really need to
know the original path, as Jose has been saying. The only possible
reason would be to update from an external file, and there are other
ways to do that, outside of LyX. Moreover, note that if all paths are
downward from the document directory, the whole need to calculate
inzipName(), store this in the insets, etc, evaporates.
Your approach solves the easy problem of
bundling files under the document directory, but does nothing in this
case. I do not see why people criticize my approach as not addressing
the problem good enough, whereas your approach tries to avoid it
altogether.
Right, but I only require this in the bundling scenario. And I propose to
help people out by allowing them to select an arbitrary file in (say) the
graphics dialog but then to copy it to where it needs to be, popping up a
message to that effect.
I do not "require* anything.
Well, the difference seems to me trivial, assuming that we accept what
Jose has been saying, namely, that we do not store absolute paths in the
LyX file and, moreover, that we do not store paths outside the document
directory. (I'm less sure what Jose's view about that is, but that seems
a sensible security precaution, and I think that is his point.) So, if
we accept that much, then: You copy the file to the temporary directory
and then bundle it; I copy it to a subdirectory and bundle it. You don't
unbundle unless the user asks to do so; I do it transparently. I don't
see much difference.
In any event, the security worries must be paramount. Allowing bundling of
files from arbitrary locations is asking for trouble, even if they're not
arbitrary files.
You can read these files, you use them in your latex file, you can not
write them outside of document directory. Please tell me, just one
case, why this would potentially be dangerous?
Not writing outside the document directory obviously helps. Since I
don't know enough about TeX programming, I ask: If I bundle virus.exe,
can I manage to include TeX code in a .sty file (or even just in the
preamble) that will cause it to be executed? Even if not, I still think
allowing the bundling of virus.exe is a seriously bad idea. This is an
issue about bundling of arbitrary files rather than one about pathnames.
Richard
