[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Org mode code evaluation (was: bug#68687: [PATCH] Use text/org media typ
From: |
Mike Kupfer |
Subject: |
Org mode code evaluation (was: bug#68687: [PATCH] Use text/org media type) |
Date: |
Tue, 30 Jan 2024 09:12:49 -0800 |
Ihor Radchenko wrote:
> Max is referring to various security issues with evaluating code inside
> Org mode buffers. They are known, but not relevant to Org text being
> displayed in email MUA - Org never evaluates any code automatically
> without user explicitly asking for it. And in MUA, Org mode is simply
> used to apply faces. No other interaction with the displayed text/org
> mime part is allowed.
I can believe that Org text snippets are safe in an email MUA.
But in the general case, I don't think Org mode is quite as safe as you
implied. The last I heard, conversion from Org mode to another format
(e.g., plain text or HTML) can result in code evaluation, without the
user authorizing it (see
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=48676). I would not
expect random users to understand that format conversion is a
potentially risky operation.
mike
- Re: bug#68687: [PATCH] Use text/org media type, (continued)
- Re: bug#68687: [PATCH] Use text/org media type, Eli Zaretskii, 2024/01/26
- Re: bug#68687: [PATCH] Use text/org media type, Max Nikulin, 2024/01/31
- Re: bug#68687: [PATCH] Use text/org media type, Richard Stallman, 2024/01/26
- Re: bug#68687: [PATCH] Use text/org media type, Max Nikulin, 2024/01/28
- Re: bug#68687: [PATCH] Use text/org media type, Eli Zaretskii, 2024/01/28
- Re: bug#68687: [PATCH] Use text/org media type, Richard Stallman, 2024/01/29
- Re: bug#68687: [PATCH] Use text/org media type, Ihor Radchenko, 2024/01/30
- Org mode code evaluation (was: bug#68687: [PATCH] Use text/org media type),
Mike Kupfer <=
- Re: Org mode code evaluation (was: bug#68687: [PATCH] Use text/org media type), Ihor Radchenko, 2024/01/30
- Re: bug#68687: [PATCH] Use text/org media type, Max Nikulin, 2024/01/31
- Re: bug#68687: [PATCH] Use text/org media type, Ihor Radchenko, 2024/01/31
- Re: bug#68687: [PATCH] Use text/org media type, Eli Zaretskii, 2024/01/30
- Re: bug#68687: [PATCH] Use text/org media type, Stefan Kangas, 2024/01/31