From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Robert Pluim Newsgroups: gmane.emacs.devel Subject: Re: master c86995d07e9: Enable code block evaluation when generating .org manuals Date: Fri, 07 Jun 2024 09:38:12 +0200 Message-ID: <87cyoti4nv.fsf@gmail.com> References: <171767737644.19678.784876979840850798@vcs2.savannah.gnu.org> <20240606123616.DE7C9C1F9EF@vcs2.savannah.gnu.org> <87h6e6i1mg.fsf@gmail.com> <87r0d9flv4.fsf@yahoo.com> <86msnxfe45.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="11234"; mail-complaints-to="usenet@ciao.gmane.io" Cc: , luangruo@yahoo.com, emacs-devel@gnu.org, kyle@kyleam.com To: Eli Zaretskii Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Fri Jun 07 09:39:16 2024 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1sFUBt-0002ZE-Id for ged-emacs-devel@m.gmane-mx.org; Fri, 07 Jun 2024 09:39:13 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sFUB3-0006l4-Ip; Fri, 07 Jun 2024 03:38:21 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sFUB1-0006kM-Eq for emacs-devel@gnu.org; Fri, 07 Jun 2024 03:38:19 -0400 Original-Received: from mail-lj1-x230.google.com ([2a00:1450:4864:20::230]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sFUAz-0004YR-NO; Fri, 07 Jun 2024 03:38:19 -0400 Original-Received: by mail-lj1-x230.google.com with SMTP id 38308e7fff4ca-2eaafda3b5cso22349901fa.3; Fri, 07 Jun 2024 00:38:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1717745896; x=1718350696; darn=gnu.org; h=content-transfer-encoding:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id :reply-to; bh=FqI87l1D+TExtM/vIjhtpCFJtcDfDyKG516c8uI1CAk=; b=O4ykf4Ue6cskIrf+EOuQ33RDSNN6g5ytkmwaUniX4Y322ZopTJju0wqReE371toZoX Cg0ghMta+Kpqtveg6c52AFzw+8u3kiUMap1XqwBxT9Xy0JBbphgUraKcqsYdF68u4czq CrNVrAtrgdDclbnFXEU/Dou0NjbEnB1xLC/oWgeMHZw2qx8eRU4lGU/vSr9/vi5ZvhEI Cdf1XPHgODM2G11xm1/v4vCOYtdcPsgZvuO2sgPiXVnj2tT2aI3Zx2urU8MGN/5cpHKv +hC7tQlzTO8tOY22V3YP/P+0LwvWL46fkO94H1yW96CJKfsqwZ8TC6+voR1Surp2i5mb /WQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717745896; x=1718350696; h=content-transfer-encoding:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FqI87l1D+TExtM/vIjhtpCFJtcDfDyKG516c8uI1CAk=; b=b9QnaREOzMKfI0B0NA0xgOdjgCpDbwDXKSkuAEMCRZHX212M4175EzP6kN/AFQSWtd 8kOFIwo7XDlEjb0+VA1uhP4tIMPXnmhpruVi3ernkjSFNrRLUwbmQuAx9e0qdXBjcILA Bg8QUSrIM0N8Da+1HG0jhl9pTdUlepFnE67bNBhjrkMs+llffNDCI6HFR0Q9y9C68yEk kVgcojVrTYBqtM7Uc83cv4ywc+Z6g0A2DxK4/2tT7YayXBtGYW3JeAq/+67HMPAjFV6O t7fBlPuIkYr7MJFlVqNCpSnHU8BzT7CVgqJMpRRsXDEVbSjSSCXQj8YAVUxqa3iCISVR Oe5Q== X-Forwarded-Encrypted: i=1; AJvYcCU66ua1h3LOcwMPsAYODJ449vGrwAme36v59dhVjZ5/03hQHYkghkrtrbPuBeKoiH09U/f6O5jrUTS21u+B9zt/0stj X-Gm-Message-State: AOJu0Yx+pYF3i0V2TPCp8U5ULAoM0bQtnr2RIrb/O4UPJRXYTRK1WD+1 lp13AaJA1DQ/Yob9lMHrFqWhXG4xy3yw+4k4nJ906qf1bEoXB8yF X-Google-Smtp-Source: AGHT+IGnrL1gZPg6qSn8Ugl5Pw0SbS2rQupo5Se7XiuPL2wx0UL7J7IJ9bwg/9bsB4ZxvB9XKUWExQ== X-Received: by 2002:a05:651c:2119:b0:2ea:8163:5f39 with SMTP id 38308e7fff4ca-2eadce1e804mr13452411fa.10.1717745895255; Fri, 07 Jun 2024 00:38:15 -0700 (PDT) Original-Received: from rltb ([82.66.8.55]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4216acb8ac0sm7844795e9.0.2024.06.07.00.38.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 07 Jun 2024 00:38:13 -0700 (PDT) In-Reply-To: <86msnxfe45.fsf@gnu.org> (Eli Zaretskii's message of "Fri, 07 Jun 2024 09:42:18 +0300") Received-SPF: pass client-ip=2a00:1450:4864:20::230; envelope-from=rpluim@gmail.com; helo=mail-lj1-x230.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:319864 Archived-At: >>>>> On Fri, 07 Jun 2024 09:42:18 +0300, Eli Zaretskii said: >> This is, strictly speaking, right, of course. Expectation-wise it do= es >> lower the bar for an attacker somewhat, since now the malicious code= just >> has to be snuck into documentation. >>=20 >> So I think Robert is right that it's worth a discussion (whatever the >> outcome might be: perhaps treat the doc as code and give it as much >> scrutiny? Eli> That ship sailed when we decided to allow manuals to be written in Eli> Org. So discussing this now is way too late, unless you want to Eli> suggest to go back on that decision and force all the manuals to be Eli> written in Texinfo. Allowing Org just added another markup language. Subverting that requires crafting documentation that causes the texinfo or org handling code to misbehave. I doubt that=CA=BCs impossible, given the ingenuity of attackers, but enabling direct evaluation of emacs lisp makes such subversion a whole lot easier. >> Anyway, the libxz episode shows that it seems to be easier to sneak >> malicious code "elsewhere" (in that case it was the test suite, but >> you get te idea). Eli> So you are saying that our co-maintainers are not to be trusted no= t to Eli> sneak such code into release tarballs? That's quite an insult, I'd Eli> say. It=CA=BCs not a question of trust, nor an attack on maintainers=CA=BC abili= ty: hiding such code from well-intentioned, skilled maintainers can and has been done. Eli> Why is it that a crime perpetrated by some villain immediately cau= ses Eli> people to suspect everyone around them to be capable of similar Eli> crimes? Nobody is accusing maintainers of bad intentions. My point was merely that we should think carefully about enabling such a feature. If the end result is that documentation changes are inspected more closely, that=CA=BCs not necessarily a bad thing. Robert --=20