From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id WEUaORyFrmA+8AAAgWs5BA (envelope-from ) for ; Wed, 26 May 2021 19:27:56 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id gH/GNByFrmC/YgAAbx9fmQ (envelope-from ) for ; Wed, 26 May 2021 17:27:56 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 35455D5AE for ; Wed, 26 May 2021 19:27:56 +0200 (CEST) Received: from localhost ([::1]:37022 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1llxJx-0000f5-4X for larch@yhetil.org; Wed, 26 May 2021 13:27:53 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:44892) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1llx0N-0000U6-0e for emacs-orgmode@gnu.org; Wed, 26 May 2021 13:07:39 -0400 Received: from mail-pl1-x62d.google.com ([2607:f8b0:4864:20::62d]:42881) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1llx0L-00052D-AO; Wed, 26 May 2021 13:07:38 -0400 Received: by mail-pl1-x62d.google.com with SMTP id v13so932892ple.9; Wed, 26 May 2021 10:07:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=references:user-agent:from:to:cc:subject:in-reply-to:message-id :date:mime-version; bh=+VvLj+D+39pXou7UlH1yiTznCzqmGqMWezWI4DFfVHM=; b=aV1BoZAfPbvl31/K3dSQcUgA2kk1mlPYW0nMCxdO89VSUl8lxMlouwaqlXZvLSe/NH PX4rDYM/Jae0Qc5DW4hHCGgy1LZVtFX8hWb8FOLcm2Mh0kWl45bEc9Ft5NkDnzj2rEHo o+SX6k7H1v1t7JSTzlO4dhvL9eq5vTD1QfGFjR/Vl7qCHtwEnes3CSbZw29ckE+631Se +GuaK6cBxW9LaBYv3I3WOCqBmAaoW8UqV49f29p44ToWt+37KJKD+YWZgqRsEq+6oyk9 4GekQoKaCIDbR/TwqfMvlz4w5vEQHqTKnIoGrF/N1+/c12rfA9+ZSOuSeO1yX5afHR2M DUNA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:references:user-agent:from:to:cc:subject :in-reply-to:message-id:date:mime-version; bh=+VvLj+D+39pXou7UlH1yiTznCzqmGqMWezWI4DFfVHM=; b=o7GZA8SAz2oIT81JgbZq6OMLC56hEikRcZhoiddYruyJGeIe1cMRab+5CHZo7i9oQA bWPmeyB4qYiYMEf4avNTBwamGOJ8JIP2TvPX7b8FONv6RgPzPldJ5I2zc23x7anQU0iL +mNPj3RpSqh8Shat1lWjmdvHtGh4w2u+TudSvFZsJjwdgpq7V6ipr73wYE3q/Hfm5OLC Q1pqWAVo1ysoxwsxHn08eYOpeZZU8jUzWmfE9AjowivLAW9jo5xx+iE/CLetomVc6Uz7 NOudCtso2c7LJr8++zUbl8rSoqfizNNTLBmIvgLqzag0V87NDo8XD3Yv5EDkjFBcFMi2 jyYw== X-Gm-Message-State: AOAM530RXcOBKZnlcGHSQmQTCe89ppQBGRpUPLIFpP824V7mR2/J/mOA R6rRTXi0e1GpmBVIBl51ZWpTeWtJHzo= X-Google-Smtp-Source: ABdhPJwKPEOMK86BSRORQ2HK8siD7Ef35IT85Y40tsV1sKkaWODJ9sCtoibvV6KRmZ1f3HEr1srNXw== X-Received: by 2002:a17:902:a586:b029:fe:459b:2ce0 with SMTP id az6-20020a170902a586b02900fe459b2ce0mr996265plb.40.1622048851677; Wed, 26 May 2021 10:07:31 -0700 (PDT) Received: from localhost (180-150-91-8.b4965b.per.nbn.aussiebb.net. [180.150.91.8]) by smtp.gmail.com with ESMTPSA id r5sm4730962pjd.2.2021.05.26.10.07.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 26 May 2021 10:07:31 -0700 (PDT) References: <2nk0nl7asb.fsf@fencepost.gnu.org> User-agent: mu4e 1.4.15; emacs 28.0.50 From: Timothy To: Glenn Morris Subject: Re: bug#48676: Arbitrary code execution in Org export macros In-reply-to: <2nk0nl7asb.fsf@fencepost.gnu.org> Message-ID: <87mtsho240.fsf@gmail.com> Date: Thu, 27 May 2021 01:07:27 +0800 MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=2607:f8b0:4864:20::62d; envelope-from=tecosaur@gmail.com; helo=mail-pl1-x62d.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-orgmode@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: 48676@debbugs.gnu.org, emacs-orgmode@gnu.org Errors-To: emacs-orgmode-bounces+larch=yhetil.org@gnu.org Sender: "Emacs-orgmode" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1622050076; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=+VvLj+D+39pXou7UlH1yiTznCzqmGqMWezWI4DFfVHM=; b=fX4N9Y0SjWlM7enAdE0nyCU6I3eb6UwMDnKEUd/ZRFA901Ml9WDTIChXYsGLH1o06uQfDM EA5WvQfFdO6NswTllACXNnQlb8sYU0a0X6kKBQZwlgtxT1ly0yB0z6tsEv+6F5KJNs1bKm hCpKw2aMeXkhZ0JGQf48R7V5ZeUIbsnVijrUMt+3KmJ8R62X1uy5loP2erTPwg7UI5JaNY Feq58jlvwByKMnkZqcsZrl57T266sX+duxzNLuLtesUzfYN/R9Hr9SPKN5accKHURxXT+0 MX8rMpWO8MTL+STWZxWAUHP+jhBJCwlOUv7HdbWW6VbxmfumSV6DXwCWhJYocQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1622050076; a=rsa-sha256; cv=none; b=qd2mRsx8dShZeyHRtCHkLZwKFh30UiR2tIAQlxeRLn+DIKhtnDiSwbxzDKKIUEU4Kj57sf 7VIYafn7m7HzHZBR61Rt2az4MG85rZjNRnKM0ckDodogWNcd/jPH0ev65Rkxu4RYfY3vBx tvaCZi+CO24oyzjWXR898s8o0/w0vc0ygrJoALjM4Hm9+n3a1yDFpUz4SknNbhY8Nu/Ib/ HRmG1m2ujouxUTHeg2jp0ipTujLzgfh5RS1kduUR3xCx3M6r/A+ToECsYijf5A4mi4GMLg 8YL/XtaQc57D0Zy+COjdF1QRHFqE4di1b1WJMxiHm2Gn6JLoq5h8cG/98TxtUQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20161025 header.b=aV1BoZAf; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of emacs-orgmode-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=emacs-orgmode-bounces@gnu.org X-Migadu-Spam-Score: -3.13 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20161025 header.b=aV1BoZAf; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of emacs-orgmode-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=emacs-orgmode-bounces@gnu.org X-Migadu-Queue-Id: 35455D5AE X-Spam-Score: -3.13 X-Migadu-Scanner: scn0.migadu.com X-TUID: BnQooXDm47pN Thanks for reporting this. Glenn Morris writes: > This seems contrary to normal Emacs practice for risky local variables, Hmm, correct me if I'm wrong but the issue with risky local variables is that they affect Emacs before the user sees them in the file? If this is an important distinction, it means this particular type of concern does not apply to Org #+macro statements, as they are not executed when the user opens the file. That said, if one were making say an automated Org file exporter or something, I could see this being problematic. Perhaps a var set to allow macros by default could be a good idea. > and to the section "Code Evaluation and Security Issues" in the Org manual > (which does not mention macros). Looks like this should be updated regardless of the above. -- Timothy