[texworks] Scripting read access

Stefan Löffler st.loeffler at gmail.com
Mon Dec 6 08:08:36 CET 2010


Hi,

On 2010-12-05 23:15, Paul A Norman wrote:
> I still feel that emphasizing inspection, and the provenance of
> scripts, is the best protection people have -
>
>  where did they get the script from?
>  do they have reason to trust the script writer?
>  Have they read through it?
>  does it use the system or writeFile etc. words
>   - what does it use such words to do?

Agreed. Though the last two points are probably beyond the average
script-user (i.e., non-author). This will certainly be emphasized in the
manual.

> Even a non-scripter could spot such words, and if they didn't look
> 'right in their use'  ask a question on a forum first - and perhaps be
> introduced to scripting through the process.

Asking on a forum or the mailing list sounds like a good idea.

> Otherwise in a sense, what is a user deciding when they simply turn on:
>   allow scripts to read files,
>   allow scripts to write files,
>   allow system commands,
> or use powerful script plugins.
>
> What is the average Tw user actually, in reality, basing these decisions on?

I guess this is more of a question of philosophy. On Linux, for example,
most everyone is familiar with the rwx permissions. On Windows,
permissions are not generally so well-known, or if they are, they are
perceived only as an annoyance (and require rerunning the command as
administrator without much further thinking).

Anyway, I'd expect most (simple) scripts to require no special
permissions, since they can read document-related files. It's probably
only a handful of power-scripts that need more advanced features. And in
that case, the security permissions could also be seen as an incentive
for script authors to think over if they really need this or that
permission, and if they do, this requires some form of documentation
(which is good in itself ;)). If some (most?) users just blindly follow
what they are told without thinking, then so be it. But others may know
something about permissions, or about plugins, and they might want a
more fine-grained control.

So, what I'm saying is this: if users need to enable something anyway,
it doesn't matter so much if this is a single master switch or if they
have to click two or three checkboxes. But it can make a huge difference
for people who know about this stuff... And I would rather not let users
enable formatting of the hard disk if they just want to use a script
that reads a file...

> Here I am assuming that scripts get into the Tw/config/scripts folder
> because the user is placing them there.  If we imagine that rogue
> scripts are going to find their way to that folder in a malicious
> manner, then what safety or purpose is there in ever ticking the
> security relax tick boxes?

I hope it never comes to this (that rogue scripts get there), but it
can't be ruled out. So ultimately, this is a decision between security
and freedom in functionality (as it always is). By default, nothing is
relaxed, so you have full security - and this should be feasible for
many users (in particular those who do not use scripting regularly or at
all). If you need more power, you need to relax the security measures,
but whether or not you do this is up to you as the user. I don't think we
(the developers) should make this decision for all users out there. And
if you do relax the security measures, you should be aware of the
possible consequences, and might also want to better guard/check your
scripts folder, etc.

> Thinking about it in those terms led me to think that we were perhaps
> being developer centric in the security issues - and that in its
> present form and genesis, some of it will make no, or little, sense at
> all to many of the kind of new TeXworks users we want to attract into
> using LaTeX.
>
> That's why I gravitated into thinking about some sort of Master
> Switch, and be done with it.

As above: this is a question of philosophy, rather than a question of
developer vs. user. On Linux, for example, everyone has to deal with
permissions fairly often. This may not be the case on Windows (which I
think is a bad thing, but that's beside the point).
Anyway, "simple" scripts will work without any changed settings. More
powerful features will require the user to read and follow the
documentation of the script. I don't see too much of a problem in there.
But the user interface is not carved in stone ;).

Cheers,
Stefan

