emacs-orgmode@gnu.org archives
 help / color / mirror / code / Atom feed
From: Tim Cross <theophilusx@gmail.com>
To: emacs-orgmode@gnu.org
Subject: Re: [PATCH] Accept more :tangle-mode specification forms
Date: Sat, 20 Nov 2021 03:31:16 +1100	[thread overview]
Message-ID: <87pmqwt6zi.fsf@gmail.com> (raw)
In-Reply-To: <87mtm1e5lt.fsf@gmail.com>


Timothy <tecosaur@gmail.com> writes:

> Hi All,
>
> I thought I’d checked for this, but I’ve just noticed that :tangle-mode 755
> doesn’t actually work as expected. I assumed 755 would be passed as a string but
> org-babel-parse-header-arguments actually turns it into an integer, just like
> (identity #o755). Obviously 755 != #o755 and so this causes issues.
>
> As it stands “755” works, but that isn’t great (most importantly, it’s easy to
> confuse). Since it’s easier to add than remove things like this, we could just
> get rid of this for now, but a convenient octal notation was a large chunk of
> the motivation here IIRC.
>
> We could also change the implementation to handle :tangle-mode o755, which will
> make org-babel-parse-header-arguments parse the argument as a string.
>
> I’m be keen to hear other people’s thoughts on this.
>

Thanks for your work on this. I am a little concerned we are making a
rod for our back by trying to make this overly clever in order to
provide as much convenience to the user as possible. As this setting
does have significant security implications, I would favour a simple and
easily testable option which is concise and unambiguous over
convenience. I would drop the 'rwxrw-r--' format as it isn't typical,
not allow base10 mode specifications and possibly even limit what
can be set (i.e. no sticky bit etc, just read, write and execute).

Security issues are more often than not, caused by complexity. Things
become complex when we try to satisfy too many options. In this case,
rather than being liberal in what we accept and precise in what we
send/do, I think we need to be precise in what we accept and do.

I would just accept two formats, both being strings with either "o400"
(or perhaps "#o400") and "u+rwx" symbolic form and anything else
generates an error (a hard error, not a warning i.e. stop processing,
don't tangle). 
 
Making the octal version be "#o600" rather than just "o600" would
possibly make interpretation easier as it would avoid "o600" and "o+r" -
if it starts with "#o" interpret as octal, otherwise try to parse as
symbolic names.

this would mean there will be some edge cases where you cannot set the
mode precisely to the value you want. However, these will be fringe
cases and requiring the user to take additional/special steps in this
case is IMO not too much to ask in exchange for reliability and
correctness for the majority and avoiding dangerous corner cases. 


  parent reply	other threads:[~2021-11-19 17:11 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-30 18:14 [PATCH] Accept more :tangle-mode specification forms Timothy
2021-10-01  1:24 ` Tom Gillespie
2021-10-01  6:59   ` Timothy
2021-10-01  8:00     ` Stefan Nobis
2021-10-01 10:05       ` Eric S Fraga
2021-10-01 10:29         ` tomas
2021-10-01 18:04           ` Tom Gillespie
2021-10-01 18:14             ` Timothy
2021-10-01  8:39   ` Christian Moe
2021-10-05 14:45 ` Timothy
2021-10-05 15:54   ` unknown@email.com
2021-10-05 16:13     ` Timothy
2021-10-05 16:06   ` tomas
2021-10-06 11:59   ` Max Nikulin
2021-11-18 10:20   ` Timothy
2021-11-18 17:22     ` Timothy
2021-11-18 23:33       ` Tom Gillespie
2021-11-19 16:31       ` Tim Cross [this message]
2021-11-19 18:10         ` tomas
2021-11-20  4:31         ` Greg Minshall
2021-11-20  8:08         ` Timothy
2021-11-20 12:25           ` tomas
2021-11-20 14:50             ` Timothy
2021-11-20 16:09               ` tomas
2021-11-20 21:32               ` Tim Cross
2021-11-21  4:08               ` Greg Minshall
2021-11-21  4:27                 ` Timothy
2021-11-21  5:11                   ` Greg Minshall
2021-11-20 19:49           ` Tim Cross
2021-11-21  4:02             ` Timothy
2021-11-21 13:51               ` Tim Cross
2021-11-21 14:33                 ` Timothy
2021-11-29 18:57                   ` Timothy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://www.orgmode.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87pmqwt6zi.fsf@gmail.com \
    --to=theophilusx@gmail.com \
    --cc=emacs-orgmode@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).