From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id iM/ZI7Qhn2MayQAAbAwnHQ (envelope-from ) for ; Sun, 18 Dec 2022 15:20:36 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id eMDVI7Qhn2NeVgEA9RJhRA (envelope-from ) for ; Sun, 18 Dec 2022 15:20:36 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 489BA3E940 for ; Sun, 18 Dec 2022 15:20:36 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1p6uWA-0007zJ-EO; Sun, 18 Dec 2022 09:19:54 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1p6uVr-0007yO-Ct for emacs-orgmode@gnu.org; Sun, 18 Dec 2022 09:19:48 -0500 Received: from mout02.posteo.de ([185.67.36.66]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1p6uVp-0005rw-Ct for emacs-orgmode@gnu.org; Sun, 18 Dec 2022 09:19:35 -0500 Received: from submission (posteo.de [185.67.36.169]) by mout02.posteo.de (Postfix) with ESMTPS id 23160240101 for ; Sun, 18 Dec 2022 15:19:30 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1671373171; bh=f54My8lnRfjGl39TrilcQe8hK44iCWKmTX7AZ2k0PL4=; h=From:To:Cc:Subject:Date:From; b=cCoUBhJOX0k39+Vv94kBCriFkLUkcOlvi3Pe7N4/94Tk64idr+8c5gyFnP4vv5S3u sbaLCd0LpLfMQckwhp6sm/Bp/pmoLFbcyBGdKTOQodRbyhqpDiRNx7I5nXmSuchdC5 vEgdQcG5JkQ91+vGWqdrigyJ6R6thDKrA91f8etouM/Zw5sFeNyts8HYPvKs+fpL+h l/tqW1BbrJYo5kjeqSYPYG2TjkdITQyhz7opG0VaEcXBjBrmfoGmjG+5vbems4zdXV SIPL4GZYt5Pta5YCylFCUDPudEJIsHueQgRD0WQReDAd6DA/fV1D9ZR7RpIyOH8Mfj 7piG1IMgzz7RA== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4NZlMj6syKz9rxF; Sun, 18 Dec 2022 15:19:29 +0100 (CET) From: Ihor Radchenko To: Tim Cross Cc: emacs-orgmode@gnu.org Subject: Re: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable In-Reply-To: <86h6xvvl30.fsf@gmail.com> References: <87359ld5ye.fsf@kyleam.com> <874ju0j538.fsf@localhost> <87len9uj5s.fsf@localhost> <87ilicua53.fsf@localhost> <86len8uxmu.fsf@gmail.com> <87o7s3swyt.fsf@localhost> <86h6xvvl30.fsf@gmail.com> Date: Sun, 18 Dec 2022 14:19:28 +0000 Message-ID: <87k02o6bgv.fsf@localhost> MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=185.67.36.66; envelope-from=yantar92@posteo.net; helo=mout02.posteo.de X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-orgmode@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-orgmode-bounces+larch=yhetil.org@gnu.org Sender: emacs-orgmode-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=posteo.net header.s=2017 header.b=cCoUBhJO; dmarc=pass (policy=none) header.from=posteo.net; spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1671373236; a=rsa-sha256; cv=none; b=e53CnC+8cV63WL1uz9fqdLd5Bi4ZXre/KO1r8k3cbfshNobtNybcpzHD6gvpUGF0gjF0CI tS5WylPtf8MKvbN8ak3Gwwm6MREdvBYFxE6jmI5dktRSMiAEtT5j15ec6EkPgbMDcjDfAG 31+JAQIvCFT+HcyTl+TJly82biSVgfUSaCjS+HB1UDiVoLb4OSVhpVx6sjMGl/0RaPkpZB KnZZfRQYPXO0Qnq1n0zijnYExjuFK59Hvd6yJNzhGW2mdqmVlG41ddaeMNx+Wy4YwuQgyU LHKgRus25Qz/0466afiY+3H2x+QSI+H5MFUAI2mVqlr5JND+fAykXlg7g5nfgg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1671373236; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=JHw4OUvG7g33BIMDPxcjLFnwZxrhazsVJiP4EkuemM8=; b=HcNMz0z/4P2IQBy1qP64Ntj+69BagE7ckvZrtg9MHXNFmSWYSOX1/CtGpwdDtcnR95t2Mh axKD/P2dI3PmCRsBERuG/7uJMyxZGGEvPZDMkixmzR78sdZ0vd+4ROor7J3SSfKr7XH4DR 5nHklSUrkiqxo3anL1MlEuz0MW+MAJjOFvIvilFpxovc6cvx6zYz1syb/t7WvYXxFIq0/C JCPCnzh8Iy8D2n7UOMVJS3EWnEtq8Y5xGjGhMxdcUh4XmANwfksXH4ZXRv6zQdzx/sR5Qs y4VZ1SELVJBaw6PZSoPUMqyTX5x5rOR3XFX/sqnm7fZya7BvH3cSYIOpUvhvUg== Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=posteo.net header.s=2017 header.b=cCoUBhJO; dmarc=pass (policy=none) header.from=posteo.net; spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" X-Migadu-Scanner: scn1.migadu.com X-Migadu-Spam-Score: -4.41 X-Spam-Score: -4.41 X-Migadu-Queue-Id: 489BA3E940 X-TUID: f898OqCXciIV Tim Cross writes: > Based on the information in section 17.13, how do I configure my Emacs > so that > > 1. All the code in the files I wrote just runs and doesn't bother me with > annoying execute questions. > > 2. Code in files from colleagues is shown to me and I'm asked if it > should be executed. Once I say yes, I don't want to be bothered about it > again i.e. next time I open that file, I want org mode to know I trust > it. > > 3. Absolutely no code in files which are not from the two preceding > sources is to be executed unless I explicitly approve it. Not yet, but I hope that we can integrate the approach we use in `org-safe-remote-resources' and `org--confirm-resource-safe'. > It feels like what we currently have is a selection of disconnect knobs > which the user can tweak, but with no over-arching mechanism to help > manage these settings for various scenarios. Agree. I hope that we can slowly work towards connecting these knobs. > Finally, are we 100% certain that these different code evaluation > circumstances are the only ones? Can we be certain there isn't areas > where options or variables are set which couldn't be used to evaluate > code (similar to be previously identified execution of code in block > headers which occurred before the checks on code evaluation?)? No, we can't. But it is true for any software that allows third-party code, not just for Org or even Emacs. And we cannot use the more universal sandbox approach either. Not in Emacs. > It also feels like the approach we have taken here is almost a throwback > to a past era where he had a lot more trust. What we seem to have is > protection against accidental execution of code rather than protection > against code with malicious intent which has been crafted to be > difficult to spot and deliberately takes advantages of small 'holes' or > over-sight in the controls supplied. I do not think that we can do anything about crafted code in Emacs other than displaying that code and letting the user decide. And I haven't seen any better solution, except anti-virus scanners that are constantly fighting new malicious code. At least, we do show the code. It is already better than "yes/no" dialogue you get when running random executable on Windows. -- Ihor Radchenko // yantar92, Org mode contributor, Learn more about Org mode at . Support Org development at , or support my work at