From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Wed, 26 Oct 2022 10:57:16 +0300
From: Jean Louis
To: "Dr. Arne Babenhauserheide"
Cc: bug-gnu-emacs@gnu.org, emacs-orgmode@gnu.org
Subject: Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly
References: <86bkq0qf8p.fsf@protected.rcdrun.com> <87bkq0t03l.fsf@web.de> <87r0yvsgtt.fsf@web.de>
In-Reply-To: <87r0yvsgtt.fsf@web.de>
List-Id: "General discussions about Org-mode."

* Dr. Arne Babenhauserheide [2022-10-26 01:02]:
>

All of the Emacs packages have some amount of implicit trust. Users
are unaware what package may do, and packages are everywhere on
Internet. That is not a problem that I wish to solve.

> If you ask me whether I can make this work safely: This would first
> require the introduction of a safe-org-mode which strictly disables all
> features that can execute remote code or disguise unsafe operations as
> safe ones. If a user then decides to explicitly call M-x org-mode,
> that’s their problem.

Thanks, though, that was not my request. Please note that you miss
very important issue, and that is that all browsers support
customization on how to open specific content types, so it is quite
trivial to customize in browser to open Common Lisp program with
Common Lisp. Thus all of browsers who allow content type customization
are analogous to problem you are presenting, which in fact is no
practical problem at all. Find the victim first, then present the
problem.
To understand is that content type opening is generally not secure and
that it is user choice. I am user of Org mode, and all I wish is to
adapt eww to invoke command "org-mode" once content type text/x-org
has been recognized. This way I can browse Org files directly, it is
very useful for me as I have bunch of files.

> If you ask me whether I know how to make this work unsafely: It likely
> won’t need a lot of elisp reading, but I do not, because I do not look
> for it, because if I did, I would not.

Well then 👀

> I do not want to be the one who caused the systems of eww users to get
> breached, or who helped opening that security hole.

See above, all other content types and URL links may be customized by
user to be opened how users want it. Your security presentation lacks
the background knowledge. See the attached screenshot how easy it was
to customize IceWeasel or Firefox derivative to open Org files by
using Emacs client. I have script called "edit" which invokes
emacsclient.

--
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/