From: Max Nikulin <manikulin@gmail.com> To: Stefan Kangas <stefankangas@gmail.com>, 58774@debbugs.gnu.org, emacs-orgmode@gnu.org Subject: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly Date: Thu, 27 Oct 2022 00:07:28 +0700 [thread overview] Message-ID: <e7dd50d4-bc87-0908-0130-f1af5bc993b6@gmail.com> (raw) In-Reply-To: <Y1jt9vLO7yb597zj@protected.localdomain> On 26/10/2022 15:21, Jean Louis wrote: > > (defun browse-safe-url (url &optional arg) ----------------^^^^ > "Browse URL with b" > (let ((username "joedoe")) ;; different username than my own > ;; Insecurity settings for personal DISPLAY only > (shell-command "xhost +") > ;; Browse URL with different username > (async-start-process "sudo" "sudo" nil "su" "-c" "--" username "-c" > (format "exec iceweasel \"%s\"" url)))) -------------------------------------------------^^^^^^ Do not name "safe" a function having security vulnerabilities. Leaving aside XAuth issues, it allows arbitrary command execution if URL for some reason is not properly percent-encoded. Do you think your reasoning related to security is still convincing? If you were just requested mapping of Content-Type to some mode in eww, perhaps it would pass. You demanded Org mode configured by default. Org have enough means to execute arbitrary code with minimal efforts from user side. E.g. value of table cell may be recalculated. Org files originating from non-trusted sources must be carefully evaluated before opening them in Emacs. Sometimes Org developer and maintainers do not have enough resources to react to security-related reports. An issue not so dangerous in the current state becomes really weird if Org mode becomes a default handler for files fetched from net. You may fight for your right to freely shoot your legs but you must be careful enough to not injury people around. Reputation of Emacs may be significantly affected by the requested change. I am strongly against Org mode as a default handler for files downloaded from web sites. Eww user option, if implemented, should have prominent warning that particular mode may not be ready for such usage and each case should be carefully evaluated for security issues.
WARNING: multiple messages have this Message-ID (diff)
From: Max Nikulin <manikulin@gmail.com> To: Stefan Kangas <stefankangas@gmail.com>, 58774@debbugs.gnu.org, emacs-orgmode@gnu.org Subject: Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly Date: Thu, 27 Oct 2022 00:07:28 +0700 [thread overview] Message-ID: <e7dd50d4-bc87-0908-0130-f1af5bc993b6@gmail.com> (raw) In-Reply-To: <Y1jt9vLO7yb597zj@protected.localdomain> On 26/10/2022 15:21, Jean Louis wrote: > > (defun browse-safe-url (url &optional arg) ----------------^^^^ > "Browse URL with b" > (let ((username "joedoe")) ;; different username than my own > ;; Insecurity settings for personal DISPLAY only > (shell-command "xhost +") > ;; Browse URL with different username > (async-start-process "sudo" "sudo" nil "su" "-c" "--" username "-c" > (format "exec iceweasel \"%s\"" url)))) -------------------------------------------------^^^^^^ Do not name "safe" a function having security vulnerabilities. Leaving aside XAuth issues, it allows arbitrary command execution if URL for some reason is not properly percent-encoded. Do you think your reasoning related to security is still convincing? If you were just requested mapping of Content-Type to some mode in eww, perhaps it would pass. You demanded Org mode configured by default. Org have enough means to execute arbitrary code with minimal efforts from user side. E.g. value of table cell may be recalculated. Org files originating from non-trusted sources must be carefully evaluated before opening them in Emacs. Sometimes Org developer and maintainers do not have enough resources to react to security-related reports. An issue not so dangerous in the current state becomes really weird if Org mode becomes a default handler for files fetched from net. You may fight for your right to freely shoot your legs but you must be careful enough to not injury people around. Reputation of Emacs may be significantly affected by the requested change. I am strongly against Org mode as a default handler for files downloaded from web sites. Eww user option, if implemented, should have prominent warning that particular mode may not be ready for such usage and each case should be carefully evaluated for security issues.
next prev parent reply other threads:[~2022-10-26 17:07 UTC|newest] Thread overview: 94+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-10-25 12:06 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly Jean Louis 2022-10-25 15:02 ` Dr. Arne Babenhauserheide 2022-10-25 19:56 ` bug#58774: " Jean Louis 2022-10-25 19:56 ` Jean Louis 2022-10-25 21:54 ` Dr. Arne Babenhauserheide 2022-10-26 7:57 ` bug#58774: " Jean Louis 2022-10-26 7:57 ` Jean Louis 2022-10-26 11:55 ` bug#58774: " Dr. Arne Babenhauserheide 2022-10-26 11:55 ` Dr. Arne Babenhauserheide 2022-10-26 12:20 ` Jean Louis 2022-10-26 12:45 ` bug#58774: " Andreas Schwab 2022-10-26 12:45 ` Andreas Schwab 2022-10-26 13:19 ` bug#58774: " Jean Louis 2022-10-26 13:19 ` Jean Louis 2022-10-26 13:55 ` Andreas Schwab 2022-10-26 17:36 ` Jean Louis 2022-10-26 17:36 ` Jean Louis 2022-10-27 7:58 ` Andreas Schwab 2022-10-27 8:40 ` Jean Louis 2022-10-27 8:40 ` Jean Louis 2022-10-27 11:22 ` Andreas Schwab 2022-10-27 11:22 ` Andreas Schwab 2022-10-27 11:23 ` Dr. Arne Babenhauserheide 2022-10-27 11:23 ` Dr. Arne Babenhauserheide 2022-10-27 7:58 ` Andreas Schwab 2022-10-26 13:55 ` Andreas Schwab 2022-10-26 7:59 ` Jean Louis 2022-10-26 7:59 ` Jean Louis 2022-10-25 23:03 ` Ihor Radchenko 2022-10-26 6:07 ` bug#58774: " Stefan Kangas 2022-10-26 6:07 ` Stefan Kangas 2022-10-26 6:52 ` Ihor Radchenko 2022-10-26 6:52 ` Ihor Radchenko 2022-10-26 8:24 ` Jean Louis 2022-10-26 8:24 ` Jean Louis 2022-10-26 20:22 ` indieterminacy 2022-10-26 20:22 ` indieterminacy 2022-10-26 11:30 ` Dr. Arne Babenhauserheide 2022-10-26 11:30 ` Dr. Arne Babenhauserheide 2022-10-26 21:41 ` Tim Cross 2022-10-27 10:43 ` Dr. Arne Babenhauserheide 2022-10-26 13:15 ` Stefan Kangas 2022-10-26 13:15 ` Stefan Kangas 2022-10-26 8:21 ` Jean Louis 2022-10-26 8:21 ` Jean Louis 2022-10-26 17:07 ` Max Nikulin [this message] 2022-10-26 17:07 ` Max Nikulin 2022-10-26 18:37 ` Jean Louis 2022-10-26 18:37 ` Jean Louis 2022-10-26 21:16 ` Dr. Arne Babenhauserheide 2022-10-26 21:16 ` Dr. Arne Babenhauserheide 2022-10-27 4:25 ` tomas 2022-10-27 11:10 ` Dr. Arne Babenhauserheide 2022-10-26 21:56 ` indieterminacy 2022-10-26 21:56 ` indieterminacy 2022-10-26 20:00 ` Tim Cross 2022-10-25 22:13 ` Ag Ibragimov 2022-10-26 8:28 ` Jean Louis 2022-10-26 13:00 ` Rudolf Adamkovič 2022-10-26 13:42 ` bug#58774: " Jean Louis 2022-10-26 13:42 ` Jean Louis 2022-10-27 4:55 ` Jean Louis 2022-10-27 4:55 ` Jean Louis 2022-10-27 11:13 ` bug#58774: " Dr. Arne Babenhauserheide 2022-10-27 11:13 ` Dr. Arne Babenhauserheide 2022-10-27 17:41 ` bug#58774: " Jean Louis 2022-10-27 17:41 ` Jean Louis 2022-10-27 21:43 ` bug#58774: " Dr. Arne Babenhauserheide 2022-10-27 21:43 ` Dr. Arne Babenhauserheide 2022-10-27 15:35 ` bug#58774: " Max Nikulin 2022-10-27 15:35 ` Max Nikulin 2022-10-27 17:58 ` Jean Louis 2022-10-27 17:58 ` Jean Louis 2022-10-27 21:49 ` Dr. Arne Babenhauserheide 2022-10-27 21:49 ` Dr. Arne Babenhauserheide 2022-10-27 18:25 ` Jean Louis 2022-10-27 18:25 ` Jean Louis 2022-10-27 19:53 ` Quiliro Ordóñez 2022-10-27 19:53 ` Quiliro Ordóñez 2022-10-27 19:58 ` Quiliro Ordóñez 2022-10-27 19:58 ` Quiliro Ordóñez 2022-10-27 21:57 ` Dr. Arne Babenhauserheide 2022-10-27 21:57 ` Dr. Arne Babenhauserheide 2022-10-27 22:18 ` Jean Louis 2022-10-27 22:18 ` Jean Louis 2022-10-27 23:14 ` Dr. Arne Babenhauserheide 2022-10-27 23:14 ` Dr. Arne Babenhauserheide 2022-10-27 23:20 ` Ihor Radchenko 2022-10-27 23:20 ` Ihor Radchenko 2022-10-28 8:28 ` Dr. Arne Babenhauserheide 2022-11-02 4:09 ` Ihor Radchenko 2022-11-02 4:09 ` Ihor Radchenko 2022-10-28 8:28 ` Dr. Arne Babenhauserheide 2023-09-02 8:53 ` Stefan Kangas
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=e7dd50d4-bc87-0908-0130-f1af5bc993b6@gmail.com \ --to=manikulin@gmail.com \ --cc=58774@debbugs.gnu.org \ --cc=emacs-orgmode@gnu.org \ --cc=stefankangas@gmail.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index https://git.savannah.gnu.org/cgit/emacs.git https://git.savannah.gnu.org/cgit/emacs/org-mode.git This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.