[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files cor
From: |
Stefan Kangas |
Subject: |
Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly |
Date: |
Wed, 26 Oct 2022 06:15:22 -0700 |
Ihor Radchenko <yantar92@posteo.net> writes:
>> Note that with the suggested feature, any link you follow risks being
>> loaded in Org mode, before the user even has a chance to inspect the
>> file. Which Org features, currently existing or introduced in the
>> future, would EWW have to add workarounds for?
>
> That's not the case. Org never loads arbitrary code on loading the file
> without querying the user.
We seem to be miscommunicating. In the above, I was merely referring to
whether org-mode is run when visiting some URL or not, which AFAIU is a
binary thing (it either does, or it doesn't).
You seem to be talking about security features in org-mode itself, which
is related, but not the same thing. I agree that there are various
security features in org-mode. I still don't think that we should run
org-mode just because some URL requests it.
To reiterate what I said, security problems are hard to audit and
discover. We shouldn't expose users to additional risks just to add
such a minor convenience feature. It is not a good trade-off.
> Strictly speaking, even eww-mode may run arbitrary code given that user
> puts something into eww-mode-hook.
My concern is not that the users should run their own code, but that
they will inadvertently run (potentially malicious) code provided by
others.
> I'd say that it will be safer to take care about necessary precautions
> rather than leaving the user with the only option to run org-mode
> manually.
Adding a `safe-org-mode' would be an improvement, but orthogonal to
whether or not we should automatically load org-mode when visiting any
URL that presents itself as serving an org file. I think we should not
do the latter.
> If necessary, we can introduce a special variable in Org mode that will
> disable all the potential third-party code evaluation, even if user has
> customized Org to execute code without prompt.
That would also be an improvement, yes. It would be even better if such
a variable supported whitelisting, so that users could mark only
specific files as safe for these purposes.
- Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, (continued)
- Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly,
Stefan Kangas <=
- Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Jean Louis, 2022/10/26
- Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Max Nikulin, 2022/10/26
- Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Jean Louis, 2022/10/26
- Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Dr. Arne Babenhauserheide, 2022/10/26
- Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, tomas, 2022/10/27
- Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Dr. Arne Babenhauserheide, 2022/10/27
- Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, indieterminacy, 2022/10/26
- Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Tim Cross, 2022/10/26
Re: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly, Ag Ibragimov, 2022/10/25