From: Reiner Steib <reinersteib+gmane@imap.cc>
To: Richard Stallman <rms@gnu.org>
Cc: Tassilo Horn <tassilo@member.fsf.org>, emacs-devel@gnu.org
Subject: Re: doc-view and mailcap
Date: Wed, 17 Oct 2007 19:59:41 +0200
Message-ID: <v9tzop7hbm.fsf@marauder.physik.uni-ulm.de>
In-Reply-To: <E1Ii13o-0002H3-F1@fencepost.gnu.org> (Richard Stallman's message of "Wed, 17 Oct 2007 01:03:12 -0400")

On Wed, Oct 17 2007, Richard Stallman wrote:
> I didn't have time to try doc-view yet [...], so I don't know if
> doc-view makes sense for attachments.
>
> Would you please report back when you are able to try it?

I had a quick look at `doc-view.el'. There's a security issue when
using `doc-view' in mailcap. mailcap attempts to use a safe viewer
with the safest options[1], e.g. it calls gv, gs and xdvi with the
"-safer" option [2]. AFAICS, `doc-view' doesn't use such options. At
least "-dSAFER" should be added in `doc-view-ghostscript-options' and
`doc-view-ps2pdf-program' (or a new variable
`doc-view-ps2pdf-options'?) when used with mailcap (or even always?).
I don't know if similar security options are available for dvipdfm and
pdftotext.

Bye, Reiner.

[1]
,----[ (info "(emacs-mime)Display Customization") ]
| `mm-enable-external'
| Indicate whether external MIME handlers should be used.
|
| If `t', all defined external MIME handlers are used. If `nil',
| files are saved to disk (`mailcap-save-binary-file'). If it is
| the symbol `ask', you are prompted before the external MIME
| handler is invoked.
|
| When you launch an attachment through mailcap (*note mailcap::) an
| attempt is made to use a safe viewer with the safest options--this
| isn't the case if you save it to disk and launch it in a different
| way (command line or double-clicking). Anyhow, if you want to be
| sure not to launch any external programs, set this variable to
| `nil' or `ask'.
`----
[2]
,----[ M-x occur RET safer RET ]
| 4 matches for "safer" in buffer: mailcap.el
| 94: (viewer . "xdvi -safer %s")
| 140: (viewer . "gv -safer %s")
| 160: (viewer . "gv -safer %s")
| 166: (viewer . "ghostview -dSAFER %s")
`----
,----[ gv(1) ]
| -safer, -nosafer
|
| Whether to start ghostscript with the -dSAFER option.
`----
,----[ gs(1) ]
| -dSAFER
| Disables the "deletefile" and "renamefile" operators
| and the ability to open files in any mode other than
| read-only. This strongly recommended for spoolers,
| conversion scripts or other sensitive environments
| where a badly written or malicious PostScript program
| code must be prevented from changing important files.
`----
,----[ xdvi(1) ]
| -safer
| (.safer) This option turns on all available security
| options; it is designed for use when xdvi is called by
| a browser that obtains a dvi or TeX file from another
| site. This option selects +nogssafer and +allowshell.
`----
--
,,,
(o o)
---ooO-(_)-Ooo--- | PGP key available | http://rsteib.home.pages.de/
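
Added example, not part of the message above and not code from Emacs: a small Emacs Lisp audit that reports which viewer commands lack the safety flag the message and its footnotes name for that program. All `example-*` names are hypothetical, and the sample input is constructed (three strings are copied from the occur output in footnote [2], the rest are made up to show the failure case).

```elisp
;;; -*- lexical-binding: t -*-
;; Added example: every example-* name is hypothetical, not Emacs API.

(defconst example-safer-flags
  '(("xdvi" . "-safer") ("gv" . "-safer")
    ("ghostview" . "-dSAFER") ("gs" . "-dSAFER"))
  "Program name -> safety flag, as named in the message and its footnotes.")

(defun example-missing-safer-flag (command)
  "Return the safety flag COMMAND lacks, or nil.
COMMAND is a viewer string such as \"gv -safer %s\" or a list
\(PROGRAM ARG...).  A program that is not in `example-safer-flags'
yields nil, which means \"unknown\", not \"safe\"."
  (let* ((words (if (stringp command) (split-string command) command))
         (program (file-name-nondirectory (or (car words) "")))
         (flag (cdr (assoc program example-safer-flags))))
    (and flag
         (not (member flag (cdr words))) ; exact, case-sensitive match
         flag)))

(defun example-audit-viewers (commands)
  "Return a list of (COMMAND . MISSING-FLAG) for the entries in COMMANDS
that run a known program without its safety flag."
  (delq nil
        (mapcar (lambda (command)
                  (let ((missing (example-missing-safer-flag command)))
                    (and missing (cons command missing))))
                commands)))

;; Constructed sample input.
(defconst example-sample-viewers
  '("xdvi -safer %s"                      ; from footnote [2]
    "gv -safer %s"                        ; from footnote [2]
    "ghostview -dSAFER %s"                ; from footnote [2]
    "/usr/bin/gv %s"                      ; constructed: flag missing
    ("gs" "-dNOPAUSE" "-sDEVICE=png16m")  ; constructed option list, no -dSAFER
    ("gs" "-dSAFER" "-dNOPAUSE")))        ; constructed option list, flag present

;; Evaluate to list the entries that would run without the flag.
(example-audit-viewers example-sample-viewers)
```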