Scott Kostyshak wrote: > Any thoughts as far as improving security, warning the user, or documentation?
Up to this moment we were trying not to include anything which could be used in the exec("rm -rf /") way (this was the only reason why gnuplot is not supported by lyx for example, there was working patch already). I didn't check your example but IIRC we used some special parameter for latex which forbids such security flaws - can you check whether your example really works? knitr/sweave stuff went in without anyone knowing it... IMHO we should either disable this by default or ask for the first time. If we have working mechanism how to notify the user, we can include gnuplot support as well. Pavel