From: Tim Cross
To: Jean Louis
Cc: emacs-orgmode@gnu.org
Subject: Re: Local variables insecurities - Re: One vs many directories
Date: Thu, 26 Nov 2020 07:54:21 +1100
Message-ID: <87pn416ttu.fsf@gmail.com>
References: <877dqbhtgf.fsf@ucl.ac.uk> <87zh36d1xn.fsf@web.de> <87y2iq6itk.fsf@gmail.com> <87eekhd1sq.fsf@ucl.ac.uk> <87a6v5bkss.fsf@ucl.ac.uk>
User-agent: mu4e 1.5.7; emacs 27.1.50
List-Id: "General discussions about Org-mode." <emacs-orgmode@gnu.org>

Jean Louis writes:

> * Eric S Fraga [2020-11-25 16:58]:
>> On Wednesday, 25 Nov 2020 at 16:13, Jean Louis wrote:
>> > I use Mutt.
>> > The message is opened in Emacs in mail-mode
>>
>> Ah, so mutt saves content in a file which is then opened by
>> Emacs. Okay, that makes sense. Gnus does things the other way around:
>> opens the buffer (associated with a file in the draft directory),
>> inserts the content, and then puts the user in control. File local
>> variables don't get a chance to be interpreted then.
>
> That is specific to Gnus. Any file opened by Emacs will still
> invoke the dialogue for local variables.
>
>> > Then I have been testing and even text files invoke local variables.
>>
>> Yes, of course. That's the whole point?
>
> You know that point is bad design and an assumption that every user is
> a programmer who knows what local variables are and what the definitions
> of Emacs functions are. It is an incredible situation.

I guess this is probably the main point where we disagree. Emacs is
first and foremost a programmer's editor. It was never designed as a
general purpose editor, but rather specifically as an editor for
programmers.

If you jump into a formula 1 race car, you would find it almost
impossible to drive. The gearbox would be unfamiliar and difficult to
use, the clutch would be difficult to use etc. If you got it going, you
would have a high likelihood of crashing. Luckily, you would probably
just stall and get nowhere. Is this the fault of the design of the race
car or the driver? Would it make sense to change the design of a race
car to use a standard gearbox and clutch just because at some point
someone who is not a race car driver might want to drive it?

Are there risks associated with local variables? Yes. Is there
sufficient protection against these variables being used for malicious
purposes in Emacs? I think the answer is yes. Is there any evidence of
these variables being used for malicious purposes? None that I am aware
of. Have there been bugs in the implementation of this facility - yes.
Have these bugs been addressed once identified - yes.

With respect to your email example, the number of people who are
exposed is even less - it is really only those who are using it in the
same manner as you. That is, where they have configured their mail
client (such as Mutt) to use Emacs as the external editor. None of the
Emacs mail clients I have used do this (this includes VM, mu4e, Gnus,
Wanderlust and mew). Anyone who has gone to the effort to configure
their mail system to use an external editor and who then answers yes to
the statement "...contains values that may not be safe. Do you want to
apply it?" is someone with inherently unsafe practices. I doubt any
change in wording or phrasing would be of any help for them. However,
the correct way to deal with this would be to offer up a patch to the
Emacs developers which improves this wording.

I would suggest the set of people who are technically aware enough or
have sufficient technical interest to have adopted emacs as their email
viewer and who would still answer yes to any dialogue warning them of
unsafe actions when opening content from an unknown source is very
small.

Local variables are a powerful and useful feature. Like many powerful
features, it can be abused. We differ in our opinions on whether those
safeguards are sufficient. I believe they are and I believe you are
overstating the risks.

I don't believe we will arrive at any consensus and I feel this thread
has run its course. You are of course free to respond, but I will
refrain from further participation as this has wandered off topic for
org mode and I see little to be gained from further back and forth.

-- 
Tim Cross
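The safeguards the message refers to are the screening Emacs applies to every file-local variable before it sets anything: a `safe-local-variable` predicate on the variable (for example `integerp` on `fill-column`), the `risky-local-variable` property and risky name patterns (`-hook`, `-function`, `-map`, ...), a short list of permitted shapes for `eval:` forms, and the `enable-local-variables` option that decides whether the "may not be safe" dialogue is shown at all. The Emacs Lisp below is an added example written for this page, not code from the thread or from Emacs itself. The `demo-` names, the candidate settings and the temporary file contents are constructed for illustration, and `demo-hypothetical-fn` does not exist. It classifies the candidates the way `hack-local-variables-filter` does, then visits a constructed file whose `Local Variables:` block carries one safe setting and one `eval:` form under each value of `enable-local-variables`.

```elisp
;;; local-vars-demo.el --- how Emacs screens file-local variables -*- lexical-binding: t -*-

;; Added example, not code from the thread or from Emacs itself.
;; Run with:  emacs -Q --batch -l local-vars-demo.el

;; Constructed candidate settings, as they could appear in a
;; "Local Variables:" block or a -*- ... -*- first line.  Not from any
;; real file; `demo-hypothetical-fn' is a placeholder that does not exist.
(defconst demo-candidates
  '((fill-column . 42)                          ; safe: passes integerp
    (fill-column . "forty-two")                 ; unsafe: fails integerp
    (indent-tabs-mode . nil)                    ; safe: passes booleanp
    (load-path . ("/tmp/untrusted"))            ; risky: risky-local-variable property
    (after-save-hook . (demo-hypothetical-fn))  ; risky: name ends in -hook
    (eval . (auto-fill-mode 1))                 ; eval, allowed: (MINOR-MODE 1)
    (eval . (shell-command "id")))              ; eval, not allowed: arbitrary code
  "Constructed sample settings for the demonstration.")

(defun demo-classify (var val)
  "Classify (VAR . VAL) the way `hack-local-variables-filter' does.
Return one of: safe, risky, unsafe, eval-safe, eval-unsafe."
  (cond ((eq var 'eval)
         (if (hack-one-local-variable-eval-safep val) 'eval-safe 'eval-unsafe))
        ((safe-local-variable-p var val) 'safe)
        ((risky-local-variable-p var val) 'risky)
        (t 'unsafe)))

(defun demo-classify-all ()
  "Return (VAR VAL CLASS) for every entry in `demo-candidates'."
  (mapcar (lambda (elt)
            (list (car elt) (cdr elt) (demo-classify (car elt) (cdr elt))))
          demo-candidates))

(defun demo-visit-with (setting)
  "Visit a constructed file carrying a Local Variables block while
`enable-local-variables' is bound to SETTING.
Return (FILL-COLUMN . APPLIED), where APPLIED is the buffer's
`file-local-variables-alist' after `hack-local-variables' has run."
  (let ((file (make-temp-file "local-vars-demo-" nil ".txt")))
    (with-temp-file file
      (insert "Some ordinary text.\n\n"
              "Local Variables:\n"
              "fill-column: 42\n"
              "eval: (message \"eval: arbitrary code ran\")\n"
              "End:\n"))
    (unwind-protect
        (let ((enable-local-variables setting)
              ;; The default: eval forms must be confirmed unless safe.
              (enable-local-eval 'maybe))
          (with-current-buffer (find-file-noselect file)
            (prog1 (cons fill-column (copy-sequence file-local-variables-alist))
              (kill-buffer))))
      (delete-file file))))

(defun demo-run ()
  "Classify the candidates and visit the file under each setting."
  (list (cons 'classified (demo-classify-all))
        (cons 'never     (demo-visit-with nil))    ; nothing is applied
        (cons 'safe-only (demo-visit-with :safe))  ; fill-column set, eval dropped, no prompt
        ;; In batch mode the "may not be safe, apply?" prompt cannot be
        ;; answered and Emacs treats it as declined, so `t' applies nothing
        ;; here; interactively this is where the dialogue appears.
        (cons 'ask       (demo-visit-with t))
        (cons 'all       (demo-visit-with :all)))) ; eval form runs, no prompt

(when noninteractive
  (pp (demo-run)))
```

Run it with `emacs -Q --batch -l local-vars-demo.el`. Under `:safe`, `fill-column` is set and the `eval:` form is silently dropped; under `t` in batch the declined prompt leaves nothing applied, the same result as answering `n` interactively; only `:all` runs the `eval:` form. For anyone who opens files from untrusted sources in Emacs, `(setq enable-local-variables :safe)` removes the dialogue, and the chance of answering it wrongly, from the picture.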