From mboxrd@z Thu Jan 1 00:00:00 1970 From: Aaron Ecay Subject: Re: org-export-babel-evaluate=nil ignores ":exports results" setting - this has changed Date: Tue, 21 Feb 2017 10:51:18 +0000 Message-ID: <87fuj7u89l.fsf@trex> References: <38f5c7e0-b000-f8bd-97dd-6947e3272511@psi.ch> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:50691) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg82Z-0005FY-Iv for emacs-orgmode@gnu.org; Tue, 21 Feb 2017 05:51:28 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg82U-0004i0-Jo for emacs-orgmode@gnu.org; Tue, 21 Feb 2017 05:51:27 -0500 Received: from mail-wr0-x244.google.com ([2a00:1450:400c:c0c::244]:32772) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1cg82U-0004hc-DR for emacs-orgmode@gnu.org; Tue, 21 Feb 2017 05:51:22 -0500 Received: by mail-wr0-x244.google.com with SMTP id s27so5607726wrb.0 for ; Tue, 21 Feb 2017 02:51:21 -0800 (PST) In-Reply-To: List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org Sender: "Emacs-orgmode" To: "Charles C. Berry" , Derek Feichtinger Cc: emacs-orgmode@gnu.org Hi Chuck, 2017ko otsailak 20an, "Charles C. Berry"-ek idatzi zuen: [...] >=20 > Allowing header args to be processed (as before) also allows for arbitrar= y=20 > code to be executed. The point of setting =E2=80=98org-export-use-babel= =E2=80=99 or=20 > `org-export-babel-evaluate' to nil was to prevent this. For that reason= =20 > the former behavior was a bug. I=CA=BCm not sure I agree that it=CA=BCs so simple. There are still ways t= o execute arbitrary code on export independently of babel (e.g. eval macros). The advice to use o-e-babel-evaluate for security was never (IMO) correct =E2= =80=93 the only properly secure wat to export untrusted documents would involve some kind of sandboxing of the emacs executable. The original bug that led to the change in the behavior of o-e-b-e was that a misspecified var header would lead to an error on export . I think the change was an overreaction to that problem (and insofar as it changed the long-standing behavior of that variable, a regression). Export (c/sh)ould still respect static (i.e. non-executable) header args; o-e-b-e should only inhibit executable args. From the standpoint of implementation, the execution of code in header args can be controlled by the inhibit-eval argument to org-babel-read and the light argument to org-babel-get-src-block-info (and both functions might need to be extended to look at dynamic variables in addition to these arguments). Taking a step back, I would ask what justifies o-e-b-e=CA=BCs existence at all. This thread demonstrates that it=CA=BCs not the right way to prevent babel blocks from executing on export. It=CA=BCs also not a good solution = to the security issue. Given the potential for confusion, I=CA=BCd be in favor of deprecating it entirely unless there=CA=BCs some compelling reason for it to exist that I=CA=BCve overlooked. --=20 Aaron Ecay