[Pkg-lyx-devel] Hardening LyX with AppArmor
Sven Hoexter
sven at timegate.de
Thu Dec 29 20:42:28 UTC 2016
On Sun, Nov 13, 2016 at 03:39:42PM +0100, Tommaso Cucinotta wrote:
Hi Tommaso et al,
> I'd be grateful to get some feedback/comment on this issue:
>
> http://www.lyx.org/trac/ticket/10481
>
> It's about potential misuse of LyX via mal[iciously]formed documents having unintended effects when opened or compiled with LyX.
>
> I worked at a tentative fix using AppArmor, that seems standard on Ubuntu for other desktop apps. AppArmor is applied to a wrapper program shipping with LyX, which is pre-fixed to any external invoked script. This way, we can let external scripts have reduced permissions than LyX itself.
I'm way behind with my email handling but in general I've no objection to ship
AppArmor profiles in the Debian package. It's just a matter of someone implementing
the change.
Sven
More information about the Pkg-lyx-devel
mailing list