From: Timothy <firstname.lastname@example.org>
To: Glenn Morris <email@example.com>
Cc: firstname.lastname@example.org, email@example.com
Subject: Re: bug#48676: Arbitrary code execution in Org export macros
Date: Thu, 27 May 2021 01:07:27 +0800
Message-ID: <firstname.lastname@example.org>
In-Reply-To: <email@example.com>

Thanks for reporting this.

Glenn Morris <firstname.lastname@example.org> writes:

> This seems contrary to normal Emacs practice for risky local variables,

Hmm, correct me if I'm wrong but the issue with risky local variables is
that they affect Emacs before the user sees them in the file? If this is
an important distinction, it means this particular type of concern does
not apply to Org #+macro statements, as they are not executed when the
user opens the file.

That said, if one were making say an automated Org file exporter or
something, I could see this being problematic. Perhaps a var set to
allow macros by default could be a good idea.

> and to the section "Code Evaluation and Security Issues" in the Org manual
> (which does not mention macros).

Looks like this should be updated regardless of the above.

--
Timothy