From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id CMI/I7xuy2UgeAAAe85BDQ:P1 (envelope-from ) for ; Tue, 13 Feb 2024 14:29:32 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id CMI/I7xuy2UgeAAAe85BDQ (envelope-from ) for ; Tue, 13 Feb 2024 14:29:32 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=posteo.net header.s=2017 header.b=Pql0ByPb; spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=posteo.net ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1707830972; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=SKByoyy4eFFGzKkHT8AnV5YsSnmn7tcLxNgQvvTK0/k=; b=VgJj19HZSH4SO02M1JSJiHyBJ/pO01hgkYiEJfzXRLeMkYw4zOZhpFhJZYXSKc8U2ypMX0 CRN8loa4C2Nj29bkPZImhJ/sio/Qc+SicVXPtm5GfD82mTM9So69jBuA0UjKeuSxwD5uw8 DtFGB+qyCCrKkPpPn/2UeNQzBffQU9I2s+Y/oVfuA1NhyIMMl8bikNILFfxx6JVm4E9lrR oUE6BexSi3Bm5+hlovjEYFZtRU3TKWbirzFH0/DJwLT440NOlaxs2aSBuYtoNvejow2UEZ mrCAOgMNF+GthWPkyq2m+pCUOqHCgOtmpovH8nTdsvHODYmYH43wabZcNFsW9A== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=posteo.net header.s=2017 header.b=Pql0ByPb; spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=posteo.net ARC-Seal: i=1; s=key1; d=yhetil.org; t=1707830972; a=rsa-sha256; cv=none; b=Cze7E94I3ZkBxDQvJ7UkoVU47sksOzRSRWFabqlxCR0C5uJk5PAhpZii7OaW1JT9nnVE/h +s+k969NhOEk4mMjvFqYPAkrQhLpnQLqpTaiNfaQ/nP4VILewH9Nn/zHvbUbxefj88hkYe jCwXwYpkNOmqKhBiLn16JFvZN9NbW7GQ/mWDHf2f14N1xXSb+LTP1DKHLWL6zD3aNo74Ft 4LuSR+kRwkzfjkFypECGnh9de/GVUxdVAL6ek1cd6yiztbYNSg9qk9zKwR7WEnO1KIrJvh Qa+dJxjXVXUxqcm3e/raCcLo5tzzCR0ZsDv72rkStmtfCYKF9+PqlUj8a/GtQQ== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id CCB1D3A930 for ; Tue, 13 Feb 2024 14:29:31 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rZspw-0008J2-QO; Tue, 13 Feb 2024 08:28:36 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rZspo-0008G2-Qt for emacs-orgmode@gnu.org; Tue, 13 Feb 2024 08:28:32 -0500 Received: from mout02.posteo.de ([185.67.36.66]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rZspl-0002Jh-HB for emacs-orgmode@gnu.org; Tue, 13 Feb 2024 08:28:28 -0500 Received: from submission (posteo.de [185.67.36.169]) by mout02.posteo.de (Postfix) with ESMTPS id AC54E240103 for ; Tue, 13 Feb 2024 14:28:21 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1707830901; bh=4GVg8Q8AA0yuW7h+RV1uwYeILcSs4ff5oIbnrVE0t8I=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Content-Type: From; b=Pql0ByPb9xkSqxSNrU/Km5HrGjWRW8bpS5yjL1eD8w3AmvowGy73cEhkkOxGbmecj +7YpkoIEELayUBvdOfSfOavzWwIQz19gsG9OC0vJoWiiy1WIRnicA+YhmLmEUXvV2B qR56/sQKmmIV26/cIJT4CWrPlYbMoXjsNsTSiU/ud8rQegbnSmw+/FKjpd4NWkB83R U3mYoej1vkuj++uFmMoOM3tzqtaSp9DJZoTJyFlDiLwDDAqRot6rQCy5CtrMh4lGgc NckwfclmYcqYhsjk8BVHikj1JsxbXEvJKiImd88Rktree7TDvcBpdIEZngUZJrBbgM pO9BLXrhOnVuw== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4TZ2Fw6yDLz6ty5; Tue, 13 Feb 2024 14:28:20 +0100 (CET) From: Ihor Radchenko To: Max Nikulin Cc: emacs-orgmode@gnu.org Subject: Re: [BUG] Org may fetch remote content without asking user consent In-Reply-To: References: <87bk8s45ja.fsf@localhost> <87a5ocqjy6.fsf@localhost> <874jej0zcb.fsf@localhost> Date: Tue, 13 Feb 2024 13:31:55 +0000 Message-ID: <87y1bolcc4.fsf@localhost> MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=185.67.36.66; envelope-from=yantar92@posteo.net; helo=mout02.posteo.de X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-orgmode@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-orgmode-bounces+larch=yhetil.org@gnu.org Sender: emacs-orgmode-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -8.20 X-Migadu-Scanner: mx13.migadu.com X-Spam-Score: -8.20 X-Migadu-Queue-Id: CCB1D3A930 X-TUID: KDr1LFnDE4wm Max Nikulin writes: > On 08/02/2024 22:07, Ihor Radchenko wrote: >> >> `org--safe-remote-resource-p' checks the containing Org file as well, in >> addition to #+included URL. > > If my reading of the code is correct then it considers > /ssh:host:org/include.org as safe if file:///ssh:host:org/test.org is > added to `org-safe-remote-resources'. I was considering a case when > there is no matching entry in `org-safe-remote-resources'. The user > opens (C-x C-f) /ssh:host:org/test.org and likely it is enough to > consider /ssh:host:org/include.org safe as well due to the same origin > "/ssh:host:". I don't think so. And even if it is safe, I do not view it as a major obstacle that will annoy users. There is an option to add the current host to safe resources. No reason to layer complicated logic here - simpler is more reliable. >>> I am not confident in proper policy though. When some URI matches a >>> pattern in the safe list, likely it is suitable for files created by the >>> user and it is not really safe to allow it for a mail message attachment. >> >> May you elaborate? > > Consider a user that has "#+include:" loaded from their own public > repository and used for some babel computations. It is safe when > included into user's files. I am not sure that it is safe for an org > file opened through a link in the browser. Perhaps it is better to avoid > included files in `org-safe-remote-resources' and add local directories > there. What we may do is to add #+include + current file combination as safe when user answers "!". -- Ihor Radchenko // yantar92, Org mode contributor, Learn more about Org mode at . Support Org development at , or support my work at