Date: Thu, 8 Sep 2022 19:41:48 +0200
To: emacs-orgmode@gnu.org
Subject: Re: per-file (or, really, per buffer) allowing/disallowing code block execution
References: <595135.1662491125@archlinux> <87zgfao1hu.fsf@localhost>

On Thu, Sep 08, 2022 at 12:34:25PM +0000, Fedja Beader wrote:
> Hello Richard, Ihor and Steven,
>
> I'm aware that file-local variables exist, but it seems that
> all documentation for them put them *into the file*, which is not secure
> for files downloaded from the internet. What is to stop a malicious file
> from setting an "yes, execute me automatically" variable?

While loading the file, only "safe variables" are set without warning
(actually it's a bit more complex: specific variable-value pairs can be
marked as "safe". See e.g. "12.12 File Local Variables" in the elisp
manual).

Cheers
-- 
t