From: Jean Louis <bugs@gnu.support>
To: Tim Cross <theophilusx@gmail.com>
Cc: emacs-orgmode@gnu.org
Subject: Re: Local variables insecurities - Re: One vs many directories
Date: Thu, 26 Nov 2020 01:09:13 +0300 [thread overview]
Message-ID: <X77WCeAP00KTdRpE@protected.rcdrun.com> (raw)
In-Reply-To: <87pn416ttu.fsf@gmail.com>
* Tim Cross <theophilusx@gmail.com> [2020-11-25 23:54]:
> I guess this is probably the main point where we disagree.
>
> Emacs is first and foremost a programmers editor. It was never designed
> as a general purpose editor, but rather specifically as an editor for
> programmers.
Yes. And when I was born as baby I was designed for milk, not for
typing, times change. People use GNU/Linux and Emacs is not advertised
as programmers or exclusively programmers editor. Some other editors
are advertised that way. So think how many hundreds of thousands of
users are working with Emacs.
Here is how Debian GNU/Linux describes it:
https://packages.debian.org/buster/emacs
If there are 10 programmers there are probably 100 if not 500
non-programmers.
> If you jump into a formula 1 race car, you would find it almost
> impossible to drive. The gearbox would be unfamiliar and difficult to
> use, the clutch would be difficult to use etc. If you got it going, you
> would have a high likelihood of crashing. Luckily, you would probably
> just stall and get nowhere.
>
> Is this the fault of the design of the race car or the driver?
Race cars are not distributed through GNU/Linux operating systems and
are not easily downloadable by everybody, in general, they are also
expensive. While it all sounds entertaining, Emacs is not a race
car. And we cannot say to users not to use it if they are not Formula
One Drivers.
> With respect to your email example, the number of people who are exposed
> is even less - it is really only those who are using it in the same
> manner as you. That is, where they have configured their mail client
> (such as Mutt) to use Emacs as the external editor. None of the Emacs
> mail clients I have used do this (this includes VM, mu4e, gnus,
> wonderlust and mew).
I do not need to use Emacs with Mutt to invoke local variables. I can
get files by any means and by any opening of the file with Emacs it
will be invoked. Somebody could send me file to download and
open. File can come from anywhere, it is not Mutt related really.
Gnus buffers and email clients do not invoke local variables and that
is fine. But security issue is not email centric, but file centric.
> anyone who has gone to the effort to configure their mail system to use
> an external editor and who then answers yes to the statement
> "...contains values that may not be safe. Do you want to apply it?" is
> someone with inherently unsafe practices.
That is very rigid assumption. People set editors for various email
clients since decades. Try to think from another people's view points.
Here is example:
https://stackoverflow.com/questions/15865495/opening-a-file-in-emacs-values-that-are-not-safe
That person has quite different view point. Person asks "Why it would
not be safe?" and one should know when one person writes there for an
answer there are probably thousand other persons who did not write for
the answer.
Other person asked:
"Thanks, that's very helpful. Why would a file (i.e. the author of the
file) require or ask Emacs to apply configuration values when just
opening/visiting the file? – Amelio Vazquez-Reina"
I know why, but people using Emacs are asking why. Many will not ask
and will say, damn YES, as I feel safe!
Denial of Service Attacks possible:
https://github.com/aquamacs-emacs/aquamacs-emacs/issues/147
https://gitmemory.com/issue/davidswelt/aquamacs-emacs/147/478196367
.emacs considered not safe:
https://www.cs.ait.ac.th/~on/O/oreilly/tcpip/puis/ch11_05.htm
OK then now back to Org discussions.
Jean
next prev parent reply other threads:[~2020-11-25 22:10 UTC|newest]
Thread overview: 151+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-21 0:33 One vs many directories Texas Cyberthal
2020-11-21 5:13 ` Ihor Radchenko
2020-11-21 7:56 ` Jean Louis
2020-11-21 8:31 ` Texas Cyberthal
2020-11-21 9:29 ` Marvin ‘quintus’ Gülker
2020-11-21 10:21 ` Jean Louis
2020-11-21 15:00 ` Texas Cyberthal
2020-11-21 16:08 ` Jean Louis
2020-11-21 15:03 ` Dr. Arne Babenhauserheide
2020-11-21 15:45 ` Texas Cyberthal
2020-11-21 17:12 ` Jean Louis
2020-11-21 18:01 ` Texas Cyberthal
2020-11-21 18:57 ` Jean Louis
2020-11-22 6:36 ` Ihor Radchenko
2020-11-22 7:20 ` Jean Louis
2020-11-22 8:32 ` Ihor Radchenko
2020-11-22 8:56 ` Jean Louis
2020-11-21 22:36 ` Dr. Arne Babenhauserheide
[not found] ` <CAMUm491Psp0u5JKyGROP6M=UfAcvOLTtOKAD1rOearV+KxgYdQ@mail.gmail.com>
[not found] ` <87r1olfvh4.fsf@web.de>
2020-11-23 9:50 ` Texas Cyberthal
2020-11-23 13:17 ` Jean Louis
2020-11-23 14:16 ` Ihor Radchenko
2020-11-23 18:08 ` Is Org really so simple? Jean Louis
2020-11-23 20:41 ` Tom Gillespie
2020-11-24 5:06 ` Jean Louis
2020-11-26 3:08 ` Ihor Radchenko
2020-11-26 8:57 ` Jean Louis
2020-11-29 7:20 ` Ihor Radchenko
2020-11-29 16:22 ` Jean Louis
2020-11-26 18:07 ` Dr. Arne Babenhauserheide
2020-11-26 23:09 ` David Rogers
2020-11-27 0:43 ` Tim Cross
2020-11-27 2:56 ` Jean Louis
2020-11-23 16:07 ` One vs many directories Texas Cyberthal
2020-11-23 19:20 ` Jean Louis
2020-11-24 7:55 ` Ihor Radchenko
2020-11-28 16:16 ` Jean Louis
2020-11-28 16:33 ` Christopher Dimech
2020-11-25 6:57 ` Texas Cyberthal
2020-11-25 9:51 ` Jean Louis
2020-11-25 10:39 ` Texas Cyberthal
2020-11-25 11:02 ` Jean Louis
2020-11-26 16:04 ` Texas Cyberthal
2020-11-26 17:31 ` Jean Louis
2020-11-27 9:00 ` Texas Cyberthal
2020-11-27 10:45 ` Jean Louis
2020-11-28 8:18 ` Texas Cyberthal
2020-11-28 10:09 ` Jean Louis
2020-11-29 6:18 ` Texas Cyberthal
2020-11-29 6:53 ` Jean Louis
2020-11-30 7:35 ` Texas Cyberthal
2020-11-30 7:50 ` Ihor Radchenko
2020-11-30 10:25 ` Texas Cyberthal
2020-11-30 10:57 ` Jean Louis
2020-11-30 12:27 ` Ihor Radchenko
2020-11-30 12:28 ` Ihor Radchenko
2020-11-30 19:00 ` Jean Louis
2020-12-02 2:56 ` Ihor Radchenko
2020-12-02 6:14 ` Jean Louis
2020-12-02 7:23 ` Ihor Radchenko
2020-11-21 16:55 ` Jean Louis
2020-11-21 22:48 ` Dr. Arne Babenhauserheide
2020-11-22 0:48 ` Jean Louis
2020-11-22 2:47 ` briangpowell
2020-11-22 17:55 ` Jean Louis
2020-11-21 6:12 ` Palak Mathur
2020-11-21 9:04 ` Jean Louis
2020-11-21 6:36 ` Jean Louis
2020-11-21 7:17 ` Texas Cyberthal
2020-11-21 9:53 ` Jean Louis
2020-11-21 10:15 ` Tim Cross
2020-11-21 11:18 ` Jean Louis
2020-11-21 14:44 ` Texas Cyberthal
2020-11-21 15:45 ` Jean Louis
2020-11-23 5:40 ` Ihor Radchenko
2020-11-24 9:00 ` Jean Louis
2020-11-24 9:45 ` Eric S Fraga
2020-11-24 9:51 ` Jean Louis
2020-11-24 11:42 ` Eric S Fraga
2020-11-24 13:13 ` Diego Zamboni
2020-11-24 13:49 ` Jean Louis
2020-11-24 17:02 ` Jean Louis
2020-11-24 18:50 ` Dr. Arne Babenhauserheide
2020-11-24 18:58 ` Jean Louis
2020-11-25 6:39 ` Tim Cross
2020-11-25 12:38 ` Local variables insecurities - " Jean Louis
2020-11-25 13:05 ` Eric S Fraga
2020-11-25 13:13 ` Jean Louis
2020-11-25 13:58 ` Eric S Fraga
2020-11-25 14:07 ` Jean Louis
2020-11-25 20:54 ` Tim Cross
2020-11-25 22:09 ` Jean Louis [this message]
2020-11-26 2:06 ` Tom Gillespie
2020-11-26 5:06 ` Jean Louis
2020-11-26 5:31 ` Jean Louis
2020-11-26 6:18 ` Tom Gillespie
2020-11-26 9:10 ` Jean Louis
2020-11-26 11:44 ` Detlef Steuer
2020-11-26 12:06 ` Jean Louis
2020-11-26 5:34 ` Greg Minshall
2020-11-26 5:49 ` Jean Louis
2020-11-26 8:39 ` Christian Moe
2020-11-25 8:10 ` Dr. Arne Babenhauserheide
2020-11-25 8:36 ` Local variables liberties Jean Louis
2020-11-24 20:11 ` One vs many directories Tom Gillespie
2020-11-24 20:39 ` Tim Cross
2020-11-25 4:54 ` Jean Louis
2020-11-25 5:54 ` Tim Cross
2020-11-25 7:01 ` Local variables issue - " Jean Louis
2020-11-25 5:06 ` Jean Louis
2020-11-25 7:00 ` Tim Cross
2020-11-25 8:23 ` Security issues in Emacs packages Jean Louis
2020-11-25 9:07 ` tomas
2020-11-25 9:26 ` Jean Louis
2020-11-25 10:41 ` tomas
2020-11-25 22:46 ` Tim Cross
2020-11-25 23:07 ` Jean Louis
2020-11-25 23:39 ` Tim Cross
2020-11-26 5:24 ` Jean Louis
2020-11-26 6:46 ` Tim Cross
2020-11-26 5:29 ` Greg Minshall
2020-11-26 5:53 ` Jean Louis
2020-11-26 6:35 ` Tim Cross
2020-11-26 12:27 ` Greg Minshall
2020-11-26 22:20 ` Tim Cross
2020-11-27 2:19 ` Jean Louis
2020-11-27 4:42 ` Greg Minshall
2020-11-25 4:44 ` One vs many directories Jean Louis
2020-11-25 10:19 ` org-sbe to automate some source block executions Jean Louis
2020-11-25 11:39 ` Ihor Radchenko
2020-11-25 15:06 ` Jean Louis
2020-11-25 11:46 ` One vs many directories Jean Louis
2020-11-25 13:07 ` Eric S Fraga
2020-11-25 13:14 ` Jean Louis
2020-11-25 13:12 ` Ihor Radchenko
2020-11-25 13:32 ` Jean Louis
2020-11-24 18:47 ` Dr. Arne Babenhauserheide
2020-11-24 18:54 ` Jean Louis
2020-11-25 8:14 ` Dr. Arne Babenhauserheide
2020-11-25 8:46 ` Jean Louis
2020-11-25 11:46 ` Ihor Radchenko
2020-11-26 12:47 ` Jean Louis
2020-11-26 13:27 ` Ihor Radchenko
2020-12-02 10:12 ` Jean Louis
2020-12-02 9:49 ` Jean Louis
2020-11-26 3:47 ` Ihor Radchenko
2020-11-26 3:32 ` Ihor Radchenko
2020-11-26 11:58 ` Jean Louis
2020-11-29 7:56 ` Ihor Radchenko
2020-11-29 17:57 ` Jean Louis
2020-11-21 13:41 ` Jonathan McHugh
2020-11-21 14:04 ` Jean Louis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.orgmode.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=X77WCeAP00KTdRpE@protected.rcdrun.com \
--to=bugs@gnu.support \
--cc=emacs-orgmode@gnu.org \
--cc=theophilusx@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).