From: Eli Zaretskii
Newsgroups: gmane.emacs.devel
Subject: Re: master c86995d07e9: Enable code block evaluation when generating .org manuals
Date: Fri, 07 Jun 2024 09:42:18 +0300
Message-ID: <86msnxfe45.fsf@gnu.org>
References: <171767737644.19678.784876979840850798@vcs2.savannah.gnu.org> <20240606123616.DE7C9C1F9EF@vcs2.savannah.gnu.org> <87h6e6i1mg.fsf@gmail.com> <87r0d9flv4.fsf@yahoo.com>
Cc: luangruo@yahoo.com, rpluim@gmail.com, emacs-devel@gnu.org, kyle@kyleam.com
In-Reply-To: (tomas@tuxteam.de)

> Date: Fri, 7 Jun 2024 06:26:10 +0200
> Cc: Robert Pluim , emacs-devel@gnu.org,
>  Kyle Meyer
> From:
>
> > > Eli> diff --git a/doc/misc/Makefile.in b/doc/misc/Makefile.in
> > > Eli> index 2841916dc89..b26d3525a22 100644
> > > Eli> --- a/doc/misc/Makefile.in
> > > Eli> +++ b/doc/misc/Makefile.in
> > > Eli> @@ -250,6 +250,7 @@ define org_template
> > > Eli> $(1:.org=.texi): $(1) ${top_srcdir}/lisp/org/ox-texinfo.el
> > > Eli> $${AM_V_GEN}cd "$${srcdir}" && $${emacs} -l ox-texinfo \
> > > Eli> --eval '(setq gc-cons-threshold 50000000)' \
> > > Eli> + --eval '(setq org-confirm-babel-evaluate nil)' \
> > > Eli> -f org-texinfo-export-to-texinfo-batch $$(notdir $$<) $$(notdir $$@)
> > > Eli> endef
> > >
> > > This has set off my paranoia alarm. So anyone that manages to
> > > sneak malicious emacs lisp code into the org manual gets to run that
> > > code on the machines of everyone who builds emacs from source?
> >
> > No doubt you meant that anyone who manages to sneak malicious code into
> > Emacs gets to run that code on the machines of everyone who builds Emacs
> > from source, which is stating the obvious...
>
> This is, strictly speaking, right, of course. Expectation-wise it does
> lower the bar for an attacker somewhat, since now the malicious code just
> has to be snuck into documentation.
>
> So I think Robert is right that it's worth a discussion (whatever the
> outcome might be: perhaps treat the doc as code and give it as much
> scrutiny?

That ship sailed when we decided to allow manuals to be written in Org.
So discussing this now is way too late, unless you want to suggest to go
back on that decision and force all the manuals to be written in
Texinfo.

> Anyway, the libxz episode shows that it seems to be easier to sneak
> malicious code "elsewhere" (in that case it was the test suite, but
> you get the idea).

So you are saying that our co-maintainers are not to be trusted not to
sneak such code into release tarballs?  That's quite an insult, I'd say.
Why is it that a crime perpetrated by some villain immediately causes
people to suspect everyone around them to be capable of similar crimes?
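Review bot: the added `--eval '(setq org-confirm-babel-evaluate nil)'` in the `org_template` recipe removes the only check that stands between the exporter and a Babel source block, so during `make` every block in a `.org` manual that does not carry `:eval no` or `:eval no-export` is executed unattended with the privileges of whoever runs the build. Consider narrowing the exemption rather than dropping it: `org-confirm-babel-evaluate` also accepts a predicate called with the block's language and body, so the recipe could skip confirmation only for the languages the manuals legitimately use and let anything else stop the batch export instead of running; at minimum, a comment in the Makefile next to this line saying that manual sources are now executable build inputs would tell reviewers to read `.org` changes with the same care as Lisp changes.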
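The scrutiny Robert asks for can be mechanised on the reviewer's side. The script below is an added example, not code from Emacs, Org or any participant in this thread: it walks an Org file and lists every source block the exporter would run once `org-confirm-babel-evaluate` is nil, applying Org's documented `:eval` semantics (`no`/`never` and `no-export`/`never-export`, or a bare `:noeval`, suppress evaluation at export time; `query`/`query-export` still prompt; anything else, including no `:eval` at all, is evaluated). It only consults block-level header arguments and file-level `#+PROPERTY: header-args` lines; per-heading `:header-args:` properties and `header-args+` accumulation are not handled, and the sample document at the bottom is constructed for the demonstration.

```python
"""List the Org source blocks an export runs when Babel confirmation is off.

Added example for this thread; not code from Emacs or Org.  Assumption and
limitation: only block-level header arguments and file-level
'#+PROPERTY: header-args' lines are consulted, not per-heading properties.
"""
import re
from dataclasses import dataclass

BEGIN_SRC = re.compile(r"^\s*#\+begin_src\b(.*)$", re.IGNORECASE)
END_SRC = re.compile(r"^\s*#\+end_src\b", re.IGNORECASE)
CALL = re.compile(r"^\s*#\+call:\s*(\S+)", re.IGNORECASE)
FILE_PROP = re.compile(
    r"^\s*#\+property:\s+header-args(?::(\S+))?\s+(.*)$", re.IGNORECASE)

# :eval values that keep the exporter from running a block at all.
EXPORT_SAFE = {"no", "never", "no-export", "never-export"}
# :eval values that prompt even when org-confirm-babel-evaluate is nil.
PROMPTS = {"query", "query-export"}


@dataclass
class Finding:
    line: int       # 1-based line of the #+BEGIN_SRC or #+CALL
    kind: str       # "src": runs unattended; "query": prompts; "call": Babel call
    lang: str
    eval_arg: str


def parse_header_args(text):
    """':eval no :exports results' -> {'eval': 'no', 'exports': 'results'}."""
    args, key = {}, None
    for tok in text.split():
        if tok.startswith(":") and len(tok) > 1 and tok[1].isalpha():
            key = tok[1:].lower()
            args[key] = ""
        elif key is not None:
            args[key] = (args[key] + " " + tok).strip()
    return args


def audit_org(text):
    """Return a Finding for each block or call the exporter would act on."""
    findings = []
    file_defaults, lang_defaults = {}, {}   # from #+PROPERTY: header-args[:LANG]
    in_block = False
    for lineno, line in enumerate(text.splitlines(), 1):
        if in_block:                        # skip block bodies entirely
            in_block = not END_SRC.match(line)
            continue
        m = FILE_PROP.match(line)
        if m:
            target = (lang_defaults.setdefault(m.group(1).lower(), {})
                      if m.group(1) else file_defaults)
            target.update(parse_header_args(m.group(2)))
            continue
        m = BEGIN_SRC.match(line)
        if m:
            in_block = True
            tokens = m.group(1).split()
            if not tokens or tokens[0].startswith(":"):
                continue                    # no language: nothing to execute
            lang = tokens[0].lower()
            effective = {**file_defaults, **lang_defaults.get(lang, {}),
                         **parse_header_args(" ".join(tokens[1:]))}
            ev = effective.get("eval", "").lower()
            if "noeval" in effective or ev in EXPORT_SAFE:
                continue
            kind = "query" if ev in PROMPTS else "src"
            findings.append(Finding(lineno, kind, lang, ev or "<unset>"))
            continue
        m = CALL.match(line)
        if m:                               # #+CALL: runs a named block on export
            findings.append(Finding(lineno, "call", m.group(1), "n/a"))
    return findings


def report(text):
    """One human-readable line per finding."""
    out = []
    for f in audit_org(text):
        if f.kind == "src":
            out.append(f"line {f.line}: {f.lang} block runs unattended (:eval {f.eval_arg})")
        elif f.kind == "query":
            out.append(f"line {f.line}: {f.lang} block prompts (:eval {f.eval_arg})")
        else:
            out.append(f"line {f.line}: #+CALL: {f.lang} invokes a block at export time")
    return out


# Constructed sample; not a real Emacs manual.
SAMPLE_ORG = """\
#+TITLE: Constructed sample (not a real Emacs document)
#+PROPERTY: header-args:shell :eval no-export

* Example
#+BEGIN_SRC emacs-lisp
(message "runs during export")
#+END_SRC

#+begin_src shell
echo "file-level default says no-export"
#+end_src

#+BEGIN_SRC python :eval no
print("never evaluated")
#+END_SRC

#+BEGIN_SRC emacs-lisp :eval query-export
(message "prompts even with confirmation off")
#+END_SRC

#+CALL: helper()
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_ORG)))
```

Run against `doc/misc/*.org` before a release, the output is the list of blocks a reviewer must read as code rather than as prose; an empty list for a manual means the new Makefile line changes nothing for that file.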