Message-ID: <87bc23dd-7c0b-4f9a-a54d-29716e948c5c@gmail.com>
Date: Fri, 2 Feb 2024 11:58:44 +0700
Subject: Re: bug#68687: Org mode code evaluation
From: Max Nikulin
To: rms@gnu.org, Ihor Radchenko
Cc: kupfer@rawbw.com, 68687@debbugs.gnu.org, emacs-orgmode@gnu.org, stefankangas@gmail.com, eliz@gnu.org
References: <6d94fff4-4d30-4121-bfd1-f267cb5b637c@gmail.com> <8734uqpvgn.fsf@tec.tecosaur.net> <49fa47c0-522a-46d7-ba0d-6e688aa26a8e@gmail.com> <74b83cf9-cd7e-429a-bd9d-0af964e1ddc5@gmail.com> <8634uh5rrq.fsf@gnu.org> <87mssn81dw.fsf@localhost> <28314.1706634769@alto> <87mssmvhdw.fsf@localhost>
List-Id: "General discussions about Org-mode."
On 02/02/2024 10:38, Richard Stallman wrote:
> > I did not imply that Org mode is safe. I directly said that there are
> > security issues and that they are known.
>
> Could you please post a pointer to a description of them?

I would strongly prefer to move discussion of Org security to a dedicated thread on emacs-orgmode or emacs-devel and leave this bug to media types used for Org.

Whether the suggested patch is committed (as a whole or in parts) or not, admit that Org mode is already used as a media type handler for mail messages and downloaded files.

I have tried a couple more ideas, but have not managed to achieve code execution when files are loaded (assuming default or plausible user settings). If Org keystrokes are not active when mail messages are opened then it should be safe enough. (However, I suspect an issue unrelated to code execution.)

If Emacs or Org mode has severe issues then it is possible to exploit them even without the patch. Just send a message having 3 attachments covering all variants of Content-Type.

The point is to minimize discrepancy related to Org mode stuff within Emacs and outside of it. E.g. in the default configuration, Thunderbird on Debian 12 bookworm sends attachments as text/org. Emacs core uses text/x-org or application/vnd.lotus-organizer. With no action taken it will last further.