From: Nicolas Goaziou
Subject: Re: [PATCH 1/3] Mark ox-latex variables safe locals under proper conditions
Date: Wed, 30 Oct 2013 09:35:54 +0100
Message-ID: <87a9hrb1g5.fsf@gmail.com>
References: <1382991543-14273-1-git-send-email-aaronecay@gmail.com> <1382991543-14273-2-git-send-email-aaronecay@gmail.com> <874n80a3id.fsf@gmail.com> <878uxbcs2q.fsf@gmail.com>
In-Reply-To: <878uxbcs2q.fsf@gmail.com> (Aaron Ecay's message of "Wed, 30 Oct 2013 00:15:25 -0400")
List-Id: "General discussions about Org-mode."
To: emacs-orgmode@gnu.org

Hello,

Aaron Ecay writes:

> On 29 October 2013, Nicolas Goaziou wrote:
>> Out of curiosity, why did you skip other variables (e.g.
>> org-latex-footnote-separator)?
>
> Because these variables insert arbitrary LaTeX code into the export
> output, they could be put to nefarious purposes. If I can trick you
> into compiling a LaTeX document that I've inserted malicious code into,
> AND into passing a particular non-default command line flag to latex,
> then I can execute arbitrary shell commands on your machine with your
> privileges.

You are right. In my mind, "safe" meant safe Lisp-wise, not LaTeX-wise.

I applied your patch. Thank you.

Regards,

-- 
Nicolas Goaziou
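The Lisp-safe versus LaTeX-safe distinction above, as an added illustration that is not part of the thread or of the Org patch: Emacs decides whether to honour a file-local variable without prompting by calling the function stored in the variable's `safe-local-variable' property. A `stringp' predicate is adequate for an option that is only ever used as a lookup key, but not for one whose value is spliced verbatim into the .tex output, because a plain string can carry `\write18', which `latex -shell-escape' turns into a shell command. The hostile value below is constructed for the example; `org-latex-default-class' is assumed here to be used only as a key into `org-latex-classes' and never emitted verbatim (check that against the ox-latex version you run), and `my/' names are this example's own.

```elisp
;; Added example, not code from Org or from the patch under discussion.
(require 'ox-latex) ; real library; both options below are real ox-latex options

;; Constructed attacker value.  It is a perfectly ordinary Lisp string,
;; so it passes `stringp', yet if it is pasted into the .tex output and
;; the document is compiled with `latex -shell-escape', it runs a
;; command with the privileges of whoever compiles the document.
(defconst my/hostile-separator "\\immediate\\write18{id > /tmp/pwned}"
  "Constructed LaTeX that is a plain string but executes a shell command.")

;; An Org file can try to set either option for the reader, e.g. with
;;   # -*- org-latex-footnote-separator: "\\immediate\\write18{id > /tmp/pwned}" -*-
;; Whether Emacs asks first depends on the predicate registered below.

;; Data-only option (assumption: used as a lookup key, never emitted as
;; LaTeX), so a type check is an adequate safety predicate.
(put 'org-latex-default-class 'safe-local-variable #'stringp)

;; Code-inserting option: deliberately left WITHOUT a safety predicate.
;; With no predicate (and no matching entry in
;; `safe-local-variable-values', which this example assumes), Emacs will
;; prompt before honouring a file-local value for it.
(put 'org-latex-footnote-separator 'safe-local-variable nil)

(defun my/silently-accepted-p (sym val)
  "Non-nil if Emacs would accept VAL for file-local SYM without asking.
Thin wrapper around the real `safe-local-variable-p' from files.el."
  (safe-local-variable-p sym val))

;; Accepted: a class name is only data.
(my/silently-accepted-p 'org-latex-default-class "article")
;; Refused (prompt instead): the string is Lisp-safe but not LaTeX-safe.
(my/silently-accepted-p 'org-latex-footnote-separator my/hostile-separator)
```

Evaluating the buffer shows the first call return t and the second nil. The second call would also return t if the option had been given `stringp' as its predicate, which is exactly the trap the reply above describes: the predicate would be judging the Lisp type of the value, not what the value does once it reaches LaTeX.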