[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files cor
From: |
Dr. Arne Babenhauserheide |
Subject: |
Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly |
Date: |
Wed, 26 Oct 2022 13:30:15 +0200 |
User-agent: |
mu4e 1.8.9; emacs 28.1 |
Ihor Radchenko <yantar92@posteo.net> writes:
> If necessary, we can introduce a special variable in Org mode that will
> disable all the potential third-party code evaluation, even if user has
> customized Org to execute code without prompt.
If that would be part of org-mode, this would be close to a
safe-org-mode.
An important part in what I wrote about safe-org-mode is that it has to
ensure that what is shown cannot trick the user into thinking something
else would get run.
A way to reduce risk would be to introduce a domain-allow-list (or
prefix-allow-list) in eww for filetypes that could be unsafe, so you
could for example add "orgmode.org" to your allowlist and for those
domains org-files would auto-open in org-mode.
Such security risks have a tendency of getting weaponized down the road
when they really hurt. Like when people didn’t care about npm
dependencies and had them suddenly deleting their files. And opening in
the currently used Emacs may give a malicious file access to remote
files opened via tramp, even if you (by virtue of being careful) require
a password for the connection to sensitive servers. That way, running
something in Emacs can be even more dangerous than running it in the
shell.
Best wishes,
Arne
--
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de
signature.asc
Description: PGP signature
Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Ihor Radchenko, 2022/10/25
Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly,
Dr. Arne Babenhauserheide <=
Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Tim Cross, 2022/10/26
Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Dr. Arne Babenhauserheide, 2022/10/27
Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Stefan Kangas, 2022/10/26
Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Jean Louis, 2022/10/26
Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Max Nikulin, 2022/10/26
Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Jean Louis, 2022/10/26
Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Dr. Arne Babenhauserheide, 2022/10/26
Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, tomas, 2022/10/27
Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Dr. Arne Babenhauserheide, 2022/10/27
Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, indieterminacy, 2022/10/26