Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary
From: Ihor Radchenko
Subject: Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands
Date: Fri, 18 Aug 2023 11:05:10 +0000

Max Nikulin <manikulin@gmail.com> writes:
> Ihor, this is a list, not an expression to be evaluated. There are some
> conditions to avoid user prompts for strings, lists, etc. They are
> considered safe.
>
> This particular case is handled namely by ob-sqlite and the proposed
> function in org-macs.
Do you have any ideas how to work around the deliberately constructed
header argument values like in your example?
--
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>