Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly
From: Dr. Arne Babenhauserheide
Subject: Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly
Date: Tue, 25 Oct 2022 23:54:46 +0200
User-agent: mu4e 1.8.9; emacs 28.1

Jean Louis <bugs@gnu.support> writes:
> * Dr. Arne Babenhauserheide <arne_bab@web.de> [2022-10-25 18:06]:
>> > This wish request is related to Emacs EWW and Org mode.
>> >
>> > Please make EWW recognize Org file when served by WWW server. Currently
>> > it does not recognize the MIME type text/x-org and opens the file as
>> > text, it does not invoke the org mode. In my opinion, it should.
>>
>> This sounds dangerous. Org mode can execute untrusted code, so this
>> could trick people into running untrusted code with the permissions of
>> their Emacs.
>
> I can always do that in Emacs, execute untrusted code. There are no
> trust mechanisms for plethora of Emacs packages and codes distributed
> over Internet.

All of the Emacs packages have some amount of implicit trust. Even MELPA
carefully vets packages nowadays. That’s not the case for some website
you visit.

> That was not my request.
>
> Do you know how to make this work?

If you ask me whether I can make this work safely: This would first
require the introduction of a safe-org-mode which strictly disables all
features that can execute remote code or disguise unsafe operations as
safe ones. If a user then decides to explicitly call M-x org-mode,
that’s their problem.

If you ask me whether I know how to make this work unsafely: It likely
won’t need a lot of elisp reading, but I do not, because I do not look
for it, because if I did, I would not.

I do not want to be the one who caused the systems of eww users to get
breached, or who helped open that security hole.

Best wishes,
Arne
--
Being apolitical
means being political
without noticing it.
draketo.de
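
An added example, not part of the original message and not Emacs or Org code: a Python sketch of the triage the reply implies, keeping a remote `text/x-org` body as plain text and listing what would become active under `M-x org-mode`. The rule list and the names `scan_org` and `review_remote_org` are assumptions drawn from general Org behaviour; the list is not exhaustive and is no substitute for the safe-org-mode the message asks for.

```python
import re

# Constructs that make Org text "active" once org-mode is enabled.
# Assumed, non-exhaustive list (general Org/Emacs behaviour, not from the post).
RULES = [
    ("src-block",    re.compile(r"^\s*#\+begin_src\b", re.I)),
    ("inline-src",   re.compile(r"\bsrc_[\w-]+(\[[^\]]*\])?\{")),
    ("call",         re.compile(r"^\s*#\+call:|\bcall_[\w-]+(\[[^\]]*\])?\(", re.I)),
    # Link whose target runs code while the description can say anything.
    ("exec-link",    re.compile(r"\[\[(elisp|shell):", re.I)),
    ("remote-setup", re.compile(r"^\s*#\+(setupfile|include):\s*\"?(https?|ftp)://", re.I)),
    # Over-approximates: flags a -*- cookie on any line, not only the first.
    ("local-vars",   re.compile(r"-\*-.*-\*-|^\s*#\s*Local Variables:", re.I)),
    ("macro-eval",   re.compile(r"^\s*#\+macro:\s*\S+\s+\(eval\b", re.I)),
]

def scan_org(text):
    """Return (line_no, rule, stripped_line) for every active construct found."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for name, rx in RULES:
            if rx.search(line):
                findings.append((no, name, line.strip()))
    return findings

def review_remote_org(content_type, body):
    """Policy sketch: remote text/x-org is always displayed as plain text;
    'active' lists what would go live if the reader switched to org-mode."""
    mime = content_type.split(";", 1)[0].strip().lower()
    is_org = mime == "text/x-org"
    return {"display": "plain-text" if is_org else "default",
            "active": scan_org(body) if is_org else []}

# Constructed sample document (harmless payloads), not taken from the thread.
SAMPLE = """\
# -*- eval: (message "hi") -*-
#+TITLE: Notes
* Setup
See [[elisp:(message "hi")][the documentation]].
#+BEGIN_SRC sh :results output
echo hi
#+END_SRC
Plain paragraph with src in it.
#+SETUPFILE: https://example.org/theme.setup
"""

if __name__ == "__main__":
    for no, rule, line in review_remote_org("text/x-org; charset=utf-8", SAMPLE)["active"]:
        print(f"line {no}: {rule}: {line}")
```

A clean scan only means none of these patterns matched; a denylist like this is a reviewer aid, not a trust decision.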