From: Mike Kupfer <kupfer@rawbw.com>
To: Ihor Radchenko <yantar92@posteo.net>
Cc: rms@gnu.org, 68687@debbugs.gnu.org, emacs-orgmode@gnu.org,
	stefankangas@gmail.com, Eli Zaretskii <eliz@gnu.org>,
	manikulin@gmail.com
Subject: bug#68687: Org mode code evaluation (was: bug#68687: [PATCH] Use text/org media type)
Date: Tue, 30 Jan 2024 09:12:49 -0800	[thread overview]
Message-ID: <28314.1706634769@alto> (raw)
In-Reply-To: <87mssn81dw.fsf@localhost>

Ihor Radchenko wrote:

> Max is referring to various security issues with evaluating code inside
> Org mode buffers. They are known, but not relevant to Org text being
> displayed in email MUA - Org never evaluates any code automatically
> without user explicitly asking for it. And in MUA, Org mode is simply
> used to apply faces. No other interaction with the displayed text/org
> mime part is allowed.

I can believe that Org text snippets are safe in an email MUA.  

But in the general case, I don't think Org mode is quite as safe as you
implied.  The last I heard, conversion from Org mode to another format
(e.g., plain text or HTML) can result in code evaluation, without the
user authorizing it (see
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=48676).  I would not
expect random users to understand that format conversion is a
potentially risky operation.

mike
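As an added example (not part of Mike's message or the Org project's own code), here is an Emacs init fragment that closes off the export-time evaluation path he describes and keeps interactive evaluation behind a confirmation prompt. The option names are real Org mode user options; the helper `my/org-confirm-babel-evaluate` and the allow-list `my/org-trusted-babel-langs` are assumptions for illustration.

```elisp
;; Added hardening example; not from the message above or from Org itself.
(require 'ob-core)

;; 1. Primary control: never run Babel as part of export (plain text, HTML, ...).
;;    With this nil, no code is evaluated and no Babel header arguments are
;;    obeyed during export; source blocks are exported as written.
(setq org-export-use-babel nil)

;; 2. Defence in depth: make ":eval never-export" the default header argument for
;;    every source block, so that even when export-time Babel is turned back on
;;    (for example by a per-user override) blocks are not evaluated by export.
;;    Note that a file-level "#+PROPERTY: header-args :eval yes" can still override
;;    this, which is why step 1 is the control that matters most.
(setq org-babel-default-header-args
      (cons '(:eval . "never-export")
            (assq-delete-all :eval org-babel-default-header-args)))

;; 3. Interactive evaluation (e.g. C-c C-c on a block) keeps its confirmation
;;    prompt.  Instead of the default value t (always ask), an allow-list
;;    function is used so only explicitly trusted languages skip the prompt.
(defvar my/org-trusted-babel-langs nil
  "Assumed allow-list of Babel languages that may run without confirmation.
Empty by default, which behaves exactly like the Org default of always asking.")

(defun my/org-confirm-babel-evaluate (lang _body)
  "Return non-nil (i.e. ask the user) unless LANG is in the trusted list.
Org calls this with the block's language and body before evaluating it."
  (not (member lang my/org-trusted-babel-langs)))

(setq org-confirm-babel-evaluate #'my/org-confirm-babel-evaluate)
```

These settings only govern Babel; other export features that can run code are not covered by them, so they reduce rather than eliminate the risk raised in the referenced bug.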






