From: Max Nikulin
Newsgroups: gmane.emacs.bugs,gmane.emacs.orgmode
Subject: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly
Date: Thu, 27 Oct 2022 00:07:28 +0700
References: <86bkq0qf8p.fsf@protected.rcdrun.com> <87bkq0t03l.fsf@web.de> <87v8o7qzff.fsf@localhost>
To: Stefan Kangas, 58774@debbugs.gnu.org, emacs-orgmode@gnu.org

On 26/10/2022 15:21, Jean Louis wrote:
>
> (defun browse-safe-url (url &optional arg)
----------------^^^^
>   "Browse URL with b"
>   (let ((username "joedoe")) ;; different username than my own
>     ;; Insecurity settings for personal DISPLAY only
>     (shell-command "xhost +")
>     ;; Browse URL with different username
>     (async-start-process "sudo" "sudo" nil "su" "-c" "--" username "-c"
>                          (format "exec iceweasel \"%s\"" url))))
-------------------------------------------------^^^^^^

Do not name "safe" a function that has security vulnerabilities. Leaving aside XAuth issues, it allows arbitrary command execution if the URL for some reason is not properly percent-encoded.

Do you think your reasoning related to security is still convincing? If you had just requested a mapping of Content-Type to some mode in eww, perhaps it would pass. You demanded Org mode configured by default. Org has enough means to execute arbitrary code with minimal effort from the user's side. E.g., the value of a table cell may be recalculated. Org files originating from non-trusted sources must be carefully evaluated before opening them in Emacs. Sometimes Org developers and maintainers do not have enough resources to react to security-related reports. An issue not so dangerous in the current state becomes really weird if Org mode becomes a default handler for files fetched from the net.

You may fight for your right to freely shoot your legs, but you must be careful enough to not injure people around you. The reputation of Emacs may be significantly affected by the requested change.

I am strongly against Org mode as a default handler for files downloaded from web sites. An Eww user option, if implemented, should have a prominent warning that a particular mode may not be ready for such usage and that each case should be carefully evaluated for security issues.
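As an added example that is not part of Max Nikulin's message or Jean Louis's snippet, here is a hardened counterpart to the quoted function: it validates the URL scheme and passes the URL as a single argv element (or shell-quotes it when a shell string is unavoidable), so nothing inside the URL can alter the command. Assumed names are the `browse-as-user*` functions, the account name "joedoe" and the `iceweasel` binary taken from the original; sudo must already permit running the browser as that account, and X display access for it is left as a separate matter.

```elisp
;;; Added example, not code from the thread.  The quoted `browse-safe-url'
;;; splices URL into a shell command line (su -c "exec iceweasel \"URL\""),
;;; so shell metacharacters in a URL become shell syntax run as USERNAME.
;;; Hardened variants: validate the scheme, then either pass URL as one
;;; argv element (no shell at all) or shell-quote it.  Assumptions: sudo
;;; already permits running the browser as the account below, the binary
;;; is "iceweasel" as in the original, and X access for that account is
;;; arranged separately (a per-user xauth cookie, never `xhost +').
(require 'url-parse)

(defvar browse-as-user-name "joedoe"
  "Account the browser runs under (assumed name, from the thread).")

(defun browse-as-user-check-url (url)
  "Return URL if it is an absolute http(s) URL with a host, else signal.
Rejects file:, javascript: and relative inputs before any process is started."
  (let ((parsed (url-generic-parse-url url)))
    (unless (and (member (downcase (or (url-type parsed) "")) '("http" "https"))
                 (url-host parsed))
      (user-error "Refusing to open non-http(s) URL: %S" url))
    url))

(defun browse-as-user-argv (url)
  "Argument vector for opening URL as `browse-as-user-name'.
No shell is involved: each element reaches execve(2) as one argument, so
quotes or other shell metacharacters inside URL cannot change what runs."
  (list "sudo" "-u" browse-as-user-name "--" "iceweasel"
        (browse-as-user-check-url url)))

(defun browse-as-user (url &optional _new-window)
  "Open URL in a browser running as another user, without a shell."
  (interactive "sURL: ")
  (apply #'start-process "browse-as-user" nil (browse-as-user-argv url)))

(defun browse-as-user-shell-command (url)
  "Command string for the cases where a shell is unavoidable (e.g. su -c).
`shell-quote-argument' turns URL into one literal shell word."
  (concat "exec iceweasel "
          (shell-quote-argument (browse-as-user-check-url url))))
```

Evaluating `(browse-as-user-argv "https://example.com/?a=1")` shows the exact argument list handed to sudo, which is the easiest way to review what the other account will execute.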