From: "Charles C. Berry"
Subject: Re: org-export-babel-evaluate=nil ignores ":exports results" setting - this has changed
Date: Tue, 21 Feb 2017 08:40:41 -0800
To: Aaron Ecay
Cc: emacs-orgmode@gnu.org, Derek Feichtinger
In-Reply-To: <87fuj7u89l.fsf@trex>
References: <38f5c7e0-b000-f8bd-97dd-6947e3272511@psi.ch> <87fuj7u89l.fsf@trex>

On Tue, 21 Feb 2017, Aaron Ecay wrote:

> Hi Chuck,
>
> On 20 February 2017, "Charles C. Berry" wrote:
>
> [...]
>
>>
>> Allowing header args to be processed (as before) also allows for arbitrary
>> code to be executed. The point of setting `org-export-use-babel' or
>> `org-export-babel-evaluate' to nil was to prevent this. For that reason
>> the former behavior was a bug.
>
> Iʼm not sure I agree that itʼs so simple. There are still ways to execute
> arbitrary code on export independently of babel (e.g. eval macros). The
> advice to use o-e-babel-evaluate for security was never (IMO) correct –
> the only properly secure way to export untrusted documents would involve
> some kind of sandboxing of the emacs executable.
>

Fair enough.

[snip]

>
> Taking a step back, I would ask what justifies o-e-b-eʼs existence at
> all. This thread demonstrates that itʼs not the right way to prevent
> babel blocks from executing on export. Itʼs also not a good solution to
> the security issue. Given the potential for confusion, Iʼd be in favor
> of deprecating it entirely unless thereʼs some compelling reason for it
> to exist that Iʼve overlooked.

In view of your point above about `eval' macros, I do not disagree.

Chuck.