From: Tim Cross
To: emacs-orgmode@gnu.org
Subject: Re: Thoughts on the standardization of Org
Date: Tue, 10 Nov 2020 08:46:22 +1100
Message-ID: <877dqujj9t.fsf@gmail.com>

Maxim Nikulin writes:

> 2020-11-08 Jean Louis wrote:
>> That is right, I am using it since years in ~/.mailcap that works well
>> for mutt email client.
>>
>> text/org; emacsclient %s; nametemplate=%s.org;
>> text/x-org; emacsclient %s; nametemplate=%s.org;
>
> Just for curiosity, couldn't it lead to execution of arbitrary code
> placed into elisp table expressions, some macro, etc.? I have not
> convinced myself that just opening of a file (without executing of src
> blocks) is safe enough and there are no dangerous #+startup options or
> other tricks. Emacs is too powerful and too flexible...

By default, it is pretty safe. While you can customize things in such a
way as to expose you to additional danger, you have to explicitly do
that.

There is a risk with many MIME types, for example images, word and excel
documents etc. Even HTML can be a threat, especially if your mail reader
supports JS and is not well engineered with security checks. No email
can be considered 100% safe.

However, in addition to the possible security consequences, you also
have to consider the likelihood. The effort it takes to craft a
malicious payload needs some sort of reward and while that reward might
be as trivial as just causing mayhem, the relatively small user base for
org compared to other MIME types is unlikely to make it an attractive
mechanism. You are more likely to choose something more popular to put
your efforts into.

--
Tim Cross
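
Added example, not part of Tim Cross's message or of the thread: a pre-open scan of an Org attachment for the constructs the quoted question names (src blocks, elisp table formulas, macros, #+STARTUP lines), plus Emacs file-local `eval:` variables and `elisp:`/`shell:` links. The check names, `scan_org`, `needs_review` and the sample text are constructed for illustration; the patterns are line-based heuristics, not an Org parser.

```python
import re

# Constructs the thread asks about, plus file-local eval: and exec links.
# Assumption: line-based heuristics are enough for a first triage pass.
CHECKS = [
    ("src-block",     re.compile(r"^\s*#\+begin_src\b", re.I)),
    ("inline-src",    re.compile(r"\bsrc_[A-Za-z0-9-]+(\[[^\]]*\])?\{")),
    ("babel-call",    re.compile(r"^\s*#\+call:|\bcall_[\w-]+(\[[^\]]*\])?\(", re.I)),
    ("elisp-formula", re.compile(r"^\s*#\+tblfm:.*'\(", re.I)),
    ("eval-macro",    re.compile(r"^\s*#\+macro:\s+\S+\s+\(eval\b", re.I)),
    ("startup",       re.compile(r"^\s*#\+startup:", re.I)),
    ("exec-link",     re.compile(r"\[\[(elisp|shell):", re.I)),
    ("local-eval",    re.compile(r"^\s*#\s*eval:|-\*-.*\beval:", re.I)),
]

def scan_org(text):
    """Return a list of (line_number, check_name, stripped_line) findings."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for name, pattern in CHECKS:
            if pattern.search(line):
                findings.append((number, name, line.strip()))
    return findings

def needs_review(text):
    """True if anything other than a #+STARTUP line was flagged."""
    return any(name != "startup" for _, name, _ in scan_org(text))

# Constructed sample attachment, not taken from the thread.
SAMPLE = """\
#+STARTUP: overview
#+MACRO: today (eval (format-time-string "%Y-%m-%d"))
| 1 |   |
#+TBLFM: $2='(* 2 (string-to-number $1))
#+BEGIN_SRC sh
echo hello
#+END_SRC
# Local Variables:
# eval: (message "constructed")
# End:
"""

if __name__ == "__main__":
    for number, name, line in scan_org(SAMPLE):
        print(f"{number:3d}  {name:14s} {line}")
```

A wrapper named in the mailcap entry could run such a scan and open flagged files in a plain viewer instead of handing them straight to emacsclient.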