I learned \write18 from a quick search:
http://stackoverflow.com/questions/3252957/how-to-execute-shell-script-from-latex

Security problems exist in most software packages. In this case
(knitr/Sweave), a pure technical solution does not seem to be
possible... Sometimes I do want to execute system() commands.

Regards,
Yihui
--
Yihui Xie <xieyi...@gmail.com>
Phone: 515-294-2465 Web: http://yihui.name
Department of Statistics, Iowa State University
2215 Snedecor Hall, Ames, IA


On Sun, Oct 21, 2012 at 1:54 AM, Liviu Andronic <landronim...@gmail.com> wrote:
> On Sun, Oct 21, 2012 at 6:55 AM, Yihui Xie <x...@yihui.name> wrote:
>> The blacklist-based solution can stop nothing as you showed, so I
>> think we cannot do much except writing it in the documentation.
>>
> What about an MS Excel style 'Do not execute scripts' option or
> dialogue? Basically we could introduce two modes when Sweave/knitr
> module is loaded:
> - Run scripts, all works as it does now.
> - Do not run scripts, where the scripty modules are being disabled (or
> similar) and some flag is being displayed somewhere, perhaps in the
> status bar (or the WM title bar).
>
> If scripts are detected then a dialogue pops up with a warning and
> asks the user how to proceed. This should provide a minimum of
> security.
>
> What do you think of this? Regards
> Liviu
>
> PS While we're on the subject of security, is it not possible to
> simply use LaTeX to write malicious code?

Reply via email to