From: Aaron Ecay <aaronecay@gmail.com>
To: "Charles C. Berry" <ccberry@ucsd.edu>,
Derek Feichtinger <derek.feichtinger@psi.ch>
Cc: emacs-orgmode@gnu.org
Subject: Re: org-export-babel-evaluate=nil ignores ":exports results" setting - this has changed
Date: Tue, 21 Feb 2017 10:51:18 +0000 [thread overview]
Message-ID: <87fuj7u89l.fsf@trex> (raw)
In-Reply-To: <alpine.OSX.2.20.1702201539500.2883@charles-berrys-macbook.local>
Hi Chuck,
2017ko otsailak 20an, "Charles C. Berry"-ek idatzi zuen:
[...]
>
> Allowing header args to be processed (as before) also allows for arbitrary
> code to be executed. The point of setting ‘org-export-use-babel’ or
> `org-export-babel-evaluate' to nil was to prevent this. For that reason
> the former behavior was a bug.
Iʼm not sure I agree that itʼs so simple. There are still ways to execute
arbitrary code on export independently of babel (e.g. eval macros). The
advice to use o-e-babel-evaluate for security was never (IMO) correct –
the only properly secure wat to export untrusted documents would involve
some kind of sandboxing of the emacs executable.
The original bug that led to the change in the behavior of o-e-b-e was
that a misspecified var header would lead to an error on export
<http://thread.gmane.org/gmane.emacs.orgmode/106767>. I think the
change was an overreaction to that problem (and insofar as it changed
the long-standing behavior of that variable, a regression). Export
(c/sh)ould still respect static (i.e. non-executable) header args;
o-e-b-e should only inhibit executable args. From the standpoint of
implementation, the execution of code in header args can be controlled
by the inhibit-eval argument to org-babel-read and the light argument to
org-babel-get-src-block-info (and both functions might need to be
extended to look at dynamic variables in addition to these arguments).
Taking a step back, I would ask what justifies o-e-b-eʼs existence at
all. This thread demonstrates that itʼs not the right way to prevent
babel blocks from executing on export. Itʼs also not a good solution to
the security issue. Given the potential for confusion, Iʼd be in favor
of deprecating it entirely unless thereʼs some compelling reason for it
to exist that Iʼve overlooked.
--
Aaron Ecay
next prev parent reply other threads:[~2017-02-21 10:51 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-20 22:02 org-export-babel-evaluate=nil ignores ":exports results" setting - this has changed Derek Feichtinger
2017-02-20 23:54 ` Charles C. Berry
2017-02-21 6:05 ` Derek Feichtinger
2017-02-21 16:37 ` Charles C. Berry
2017-02-22 15:27 ` Colin Baxter
2017-02-22 15:45 ` Derek Feichtinger
2017-02-22 18:56 ` Colin Baxter
2017-02-21 10:51 ` Aaron Ecay [this message]
2017-02-21 16:40 ` Charles C. Berry
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.orgmode.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87fuj7u89l.fsf@trex \
--to=aaronecay@gmail.com \
--cc=ccberry@ucsd.edu \
--cc=derek.feichtinger@psi.ch \
--cc=emacs-orgmode@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).