From: gerard.vermeulen@posteo.net
To: Ihor Radchenko
Cc: Emacs orgmode
Subject: Re: [PATCH] ox-latex: Make more variables file local safe
Date: Sat, 10 Feb 2024 13:25:49 +0000
In-Reply-To: <87y1bt8civ.fsf@localhost>
References: <87y1bt8civ.fsf@localhost>
Message-ID: <27bf6aa17102c2450a78359494d7acb7@posteo.net>
List-Id: "General discussions about Org-mode."
On 10.02.2024 00:04, Ihor Radchenko wrote:
> gerard.vermeulen@posteo.net writes:
>
>> I have a direct use for org-latex-toc-command being a file local
>> safe variable and I looked a bit around for other variables not
>> being file local safe for no good reason IMO (why those not,
>> while similar variables yes).
>>
>> I have attached a patch which makes six variables file local safe.
>
> Thanks! I agree about all but org-latex-toc-command.
> Although, I am not sure if org-latex-toc-command is really safe to set
> to an arbitrary value.

You are right, it is not safe, BUT:

The attached org file (not really malicious) shows how to create a
malicious org file for any file local "safe" string variable in
ox-latex when exporting to latex and compiling with the -shell-escape
option.

Therefore, I attached a patch removing the :safe #'stringp from those
variables.
[Attachment: malicious.org (application/octet-stream, 923 bytes; base64 body omitted)]

[Attachment: 0001-ox-latex-string-variables-are-not-file-local-safe.patch (application/octet-stream, 1973 bytes; base64 body omitted)]
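As an added illustration of the point made above (example code written for this page, not Org's own code nor the attached patch): a small checker that parses an Org file's trailing Local Variables block and reports which org-latex-* string settings Emacs would apply without prompting under a given safe-predicate table. The two policy tables and the sample file are constructed; org-latex-default-quote-environment is assumed here to stand for a variable declared with `:safe #'stringp`.

```python
import re

# Constructed policy tables, not Org's own declarations.  WEAK models a
# defcustom with `:safe #'stringp' (any string accepted silently); FIXED
# models it after the :safe clause is removed (Emacs prompts first).
WEAK = {"org-latex-default-quote-environment": lambda v: isinstance(v, str)}
FIXED = {}
_ESCAPES = {"n": "\n", "t": "\t"}

def _unquote(raw):
    """Decode an Elisp string literal; leave any other value as text."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m[1], m[1]), raw[1:-1])
    return raw

def parse_local_variables(text):
    """Return {name: value} from a trailing 'Local Variables:' block (the
    comment-prefix form only; Emacs's suffix form is not handled here)."""
    m = re.search(r"^(?P<pfx>\S*[ \t]*)Local Variables:[ \t]*$", text, re.M)
    if not m:
        return {}
    pfx, found = m.group("pfx"), {}
    for line in text[m.end():].splitlines():
        if not line.startswith(pfx):
            continue
        body = line[len(pfx):].strip()
        if body == "End:":
            break
        name, sep, raw = body.partition(":")
        if sep:
            found[name.strip()] = _unquote(raw.strip())
    return found

def silently_applied(text, policy):
    """org-latex-* file-local settings Emacs would apply without asking."""
    return sorted(name for name, value in parse_local_variables(text).items()
                  if name.startswith("org-latex-")
                  and name in policy and policy[name](value))

# Constructed sample Org file.  The toc variable has no safe predicate in
# either table, so only the quote environment separates WEAK from FIXED.
SAMPLE = """#+title: Constructed sample
* Heading
# Local Variables:
# org-latex-default-quote-environment: "quotation"
# org-latex-toc-command: "\\\\tableofcontents\\n"
# End:
"""
```

Running the checker over an Org file before export shows which exporter strings a file can set on its own; with the stringp predicate gone, every such setting goes back to needing the user's confirmation.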