Security #9

Open
opened 2021-08-18 11:54:18 +00:00 by chaoslama · 0 comments
Owner

Since we execute pandoc directly on the machine this is running on, we should have some security-considerations:

  • Inclusion of files (images, the lua-file-inclusion) would allow including system files. E.g. including ~/.ssh/key might expose private keys on the server. Thus we should cage the pandoc-files into the given directory (somehow).
  • We should make sure no random code execution is possible. Since we allow executing LaTeX (in header-files, as well as in the input files) we should check there's no downside here.
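
One way to approach the directory caging raised in the first point, as an added example that is not part of the issue or of the project's code: a pre-flight check that resolves every file reference in an input document and reports those that leave the job directory. The function names and the two reference patterns (Markdown images and LaTeX `\input`/`\include`/`\includegraphics`) are assumptions, and the directory tree and document are constructed sample data.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumed reference syntaxes: Markdown images and LaTeX file-reading commands.
REF_PATTERNS = [
    re.compile(r"!\[[^\]]*\]\(([^)\s]+)"),
    re.compile(r"\\(?:input|include|includegraphics)(?:\[[^\]]*\])?\{([^}]+)\}"),
]

def is_confined(base, ref):
    """True if ref, resolved against base, still lies inside base."""
    # Home-directory shortcuts and remote URLs are rejected outright.
    if ref.startswith("~") or "://" in ref:
        return False
    root = Path(base).resolve()
    # Joining with an absolute ref yields that absolute path, so it is checked
    # too; resolve() collapses ".." and follows symlinks before comparing.
    target = (root / ref).resolve()
    try:
        target.relative_to(root)
        return True
    except ValueError:
        return False

def escaping_refs(base, text):
    """Return every reference in text that would read outside base."""
    refs = [m.group(1) for p in REF_PATTERNS for m in p.finditer(text)]
    return [r for r in refs if not is_confined(base, r)]

def demo():
    """Run the check over a constructed job directory and document."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "job"
        (base / "img").mkdir(parents=True)
        (base / "img" / "ok.png").touch()
        os.symlink("/etc", base / "img" / "link")  # symlink leaving the cage
        doc = (
            "![fine](img/ok.png)\n"
            "![key](~/.ssh/key)\n"
            "![up](../../etc/passwd)\n"
            "\\input{img/link/hostname}\n"
            "\\includegraphics[width=2cm]{/etc/passwd}\n"
        )
        return escaping_refs(base, doc)

if __name__ == "__main__":
    print(demo())
```

A regex scan like this only rejects the reference forms it knows about, so it complements rather than replaces running the renderer under an unprivileged account or in a container with no access to anything outside the job directory.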
Reference: chaoslama/make_pdf_web#9