From: Matthew Lundin <mdl@imapmail.org>
To: Eric Schulte <schulte.eric@gmail.com>
Cc: Org Mode <emacs-orgmode@gnu.org>
Subject: Re: [ANN] Org-babel integrated into Org-mode
Date: Wed, 30 Jun 2010 08:13:51 -0400
Message-ID: <87y6dwn2f4.fsf@fastmail.fm>
In-Reply-To: <87d3v98piu.fsf@gmail.com> (Eric Schulte's message of "Tue, 29 Jun 2010 15:03:53 -0700")

Hi Eric,

Thanks so much for taking these observations into account.

"Eric Schulte" <schulte.eric@gmail.com> writes:

> Thanks for raising the point about potentially dangerous code blocks.
>
> Matt Lundin <mdl@imapmail.org> writes:
>
>> Hi Eric,
>>
>> Thanks again for all the work that you, Dan, and Tom have put into
>> org-babel. I'm glad to see it become part of org-mode!
>>
>> "Eric Schulte" <schulte.eric@gmail.com> writes:
>>
>>> 2) Babel will now be loaded by default along with the rest of Org-mode.
>>> This means that *everyone* currently using babel will need to change
>>> their Emacs config and remove the (require 'org-babel-int) and/or
>>> (require 'org-babel) lines.
>>
>> I would like to request that org-babel be made an optional module. I ask
>> this as someone who uses org-babel regularly. Here are my reasons:
>>
>> - Org-babel adds rather specific and complex functionality to org-mode
>> that those who use it as a simple outliner and todo manager do not
>> require. (In other words, an option to turn it off might be nice for
>> those who are worried about "feature creep.")
>
> I'm less struck by this point, as there are many features of Org-mode
> which I personally don't understand or use and I'm certain there are some
> features the existence of which I am completely unaware. However as
> long as Babel doesn't significantly affect load time, I'd rather it be
> present in the background, to simplify its use.

Yes, I can certainly understand this. My own preference is for
modularity and minimalism---i.e., if possible, give users the option of
*not* loading or requiring a package. For example, I appreciate that
org-habit is a module --- one doesn't have to load it if one doesn't
want to. But org-habit is perhaps more clearly an "add-on" than is
org-babel. Having used the latter only for perl, python, and shell code
evaluation, I imagine I underestimate the enhancements it makes to the
core functionality of org source blocks. :)

>> - Org-babel increases the risk of accidentally executing malicious or
>> dangerous code when typing C-c C-c on a src block or exporting a
>> file. Perhaps users should activate it only after they understand
>> the risks.
>>
>> + For instance, I might write a blog post warning about the dangers
>> of typing "rm -rf ~/". If I put this between #+begin_src sh
>> and #+end_src and unthinkingly hit C-c C-c, I would be in trouble.
>> I believe this is the reason for the variables
>> org-confirm-shell-link-function and
>> org-confirm-elisp-link-function.
>>
>
> This to me is a much more motivating concern. With arbitrary code
> evaluation there is unlimited room for mayhem and destruction (both
> malicious and accidental), although anyone who works with code in any
> form is already exposed to such risks.
>

Yes, this is my primary concern.

>>
>> + This is admittedly a bit far-fetched as an example, as it would
>> require one to have loaded ob-sh.el. But since elisp execution is
>> activated by default, there remain opportunities for unwittingly
>> executing code that is meant for other purposes (e.g., warnings,
>> examples, etc.).
>>
>
> No I don't think it's far fetched at all. I think any of the three
> following solutions (with a strong preference for the first) should
> address this problem.
>
> 1) My preferred solution would be to keep things largely as they are,
> only w/o emacs-lisp activated by default. That way there is no
> required configuration change for babel users (aside from having to
> add an 'ob-emacs-lisp require), and we address the issue of
> unintentional code execution -- anyone who has activated a language
> is presumably aware of what they are doing.
>
> Additionally this solution would retain some non-active Babel
> features like tangling.
>
> 2) We could add a new global environment variable along the lines of
> org-confirm-shell-link-function, say org-confirm-babel-execution or
> somesuch. This would be easy to implement, and would retain tangle
> like functionality but doesn't seem as conceptually clean as the
> above solution.

Perhaps some combination of 1 and 2?

Best,
Matt
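
One way to combine options 1 and 2 in a user's init file, added here as an example; it is not code from this thread or from Org itself. It uses org-confirm-babel-evaluate, the name the confirmation variable has in released Org versions, rather than the name floated above. The my/ names and the choice of python as the one trusted language are assumptions of the example.

```emacs-lisp
;; Added example: user init-file settings, not code from the thread.
(require 'org)

;; Option 1: activate only the languages you actually evaluate.
;; Emacs Lisp is switched off and python switched on; which languages
;; to enable is an assumption of this example.
(org-babel-do-load-languages
 'org-babel-load-languages
 '((emacs-lisp . nil)
   (python . t)))

;; Option 2: ask before evaluating a src block.  The variable accepts
;; t, nil, or a function of (LANG BODY) that returns non-nil when a
;; prompt is required.
(defvar my/org-babel-no-confirm-languages '("python")
  "Languages whose src blocks may run without a prompt (assumption).")

(defun my/org-babel-confirm-p (lang _body)
  "Return non-nil when a LANG block must be confirmed before it runs."
  (not (member lang my/org-babel-no-confirm-languages)))

(setq org-confirm-babel-evaluate #'my/org-babel-confirm-p)

;; Export was the second trigger named in the thread: keep C-c C-c
;; working interactively but never evaluate blocks during export.
(setq org-babel-default-header-args
      (cons '(:eval . "never-export")
            (assq-delete-all :eval
                             (copy-alist org-babel-default-header-args))))

;; The link-confirmation variables cited in the thread, kept strict.
(setq org-confirm-shell-link-function #'yes-or-no-p
      org-confirm-elisp-link-function #'yes-or-no-p)
```

With these settings a "#+begin_src sh" block that merely quotes a destructive command cannot run, because no sh backend is loaded, and any block outside the trusted list prompts before evaluation.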