From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id OLguGExqWWNtMAAAbAwnHQ (envelope-from ) for ; Wed, 26 Oct 2022 19:11:40 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id mAIgGExqWWOHqAAA9RJhRA (envelope-from ) for ; Wed, 26 Oct 2022 19:11:40 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 447A1312D5 for ; Wed, 26 Oct 2022 19:11:40 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1onjsP-0005Dx-QW; Wed, 26 Oct 2022 13:07:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1onjsN-0005BO-QX for emacs-orgmode@gnu.org; Wed, 26 Oct 2022 13:07:35 -0400 Received: from mail-lj1-x233.google.com ([2a00:1450:4864:20::233]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1onjsK-000622-UX for emacs-orgmode@gnu.org; Wed, 26 Oct 2022 13:07:35 -0400 Received: by mail-lj1-x233.google.com with SMTP id o4so18170840ljp.8 for ; Wed, 26 Oct 2022 10:07:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :sender:from:to:cc:subject:date:message-id:reply-to; bh=7g2QvdEWXZFcN9igDWPDG8H6NSoIGEXzunmMRT29fvM=; b=gHt3nTbwejoC8OTO0E+5ND4DjLj73m2FAS9OtmspU+YW536WWRXoVcDolIaNopbpyi anovOkACc9NevL2Ez4xyoQ1YAIEsDGpsOqTQYZVzeDgBpoFtaBoanZObdU29krVZPnqb 39TmVMX+v+UymmZ3PcDv3hfQGtJxfFE3Ec1/NibfCM3VaSEe5j7x1oz8iGb0GvBj1fCh E5xuraIVfgd5EvJd5EOATwenaErWdSMpZ/xoo4YaEZB1eq84ZTHQWMdPlJSnPBBbA/6b e5Pm+C9fJMAZjaNJrkl32oEUW7TeM+Pn0IPe6GbojyrUq8pIVNtLdaG5X/AG3Nm5qEMj BD1A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :sender:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=7g2QvdEWXZFcN9igDWPDG8H6NSoIGEXzunmMRT29fvM=; b=otxah4r5U4JJckDRoJDkZPMkUKTQI0bmvxR4i5gpKbGsGaOn74ce6BHdJmbiXVFt+Z 9nB0sOCaRWilnITYOrd7MZW3IPYjF5vY9XUA803mMC4Ua4L/BTrtfr9dlCP1MzZebGRR qhnDdayNrB3eiAh6/SZHSC1AnrLNI7R8dYAIOitr9PTBpn6bysvcjJ0QfkSKSCaI+Ggt YCqB3xa9BNT+DRSn1P5xUHDptAnxn+ZzHJM0fR7FweuIjtugd3c4j1NSkEqqkxSXpgWP 14uKqX30YqO0K84eUy+O6LPAuHlP6ZmbjNsO+Hh+XEOcyA6LI0ErSofbJNfb/SFC46h0 tPvA== X-Gm-Message-State: ACrzQf3NihSLk7i8Lycba7OYsKabDapJgDCKzefbi1GP9xCTKlOlOK+y amZd5L8Zkd3ImjsoV+lEkw0= X-Google-Smtp-Source: AMsMyM4EEv0IdFf+5zlXUS6v2XFYMxDfy1n8OzUEVyhE6A3wGGfVCvWtrjNAuwYVxpndDw+2lScSyw== X-Received: by 2002:a2e:940f:0:b0:26f:c160:6ddc with SMTP id i15-20020a2e940f000000b0026fc1606ddcmr17435156ljh.164.1666804050624; Wed, 26 Oct 2022 10:07:30 -0700 (PDT) Received: from [192.168.0.101] (nat-0-0.nsk.sibset.net. [5.44.169.188]) by smtp.googlemail.com with ESMTPSA id z25-20020a2eb539000000b0026fc8855c20sm1016164ljm.19.2022.10.26.10.07.29 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 26 Oct 2022 10:07:30 -0700 (PDT) Message-ID: Date: Thu, 27 Oct 2022 00:07:28 +0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2 Subject: Re: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly Content-Language: en-US To: Stefan Kangas , 58774@debbugs.gnu.org, emacs-orgmode@gnu.org References: <86bkq0qf8p.fsf@protected.rcdrun.com> <87bkq0t03l.fsf@web.de> <87v8o7qzff.fsf@localhost> From: Max Nikulin In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Received-SPF: pass client-ip=2a00:1450:4864:20::233; envelope-from=manikulin@gmail.com; helo=mail-lj1-x233.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-orgmode@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Emacs-orgmode" Errors-To: emacs-orgmode-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1666804300; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=7g2QvdEWXZFcN9igDWPDG8H6NSoIGEXzunmMRT29fvM=; b=QVfdJtZySjxeHEXTBHG4kTu4kferUjVaZKGQCLS0rKmSdgd+qsTiiZYzhseqwjwcVzpq2S yhbPrV67HTp2UyIKXG9vdWmZmdkPjUYisHuHfgcIeR9MEC8xC0+6czPhxlVgQOjAI0Vzbj OZhb/T3Zd3z0LIc4Ed7edO7SsIg07TOLuIJO5f2KHYA+LzkVtUy+d3x2aikVWRcQFuP/1h YpcHL1SyPWtQJ86e+CfPGS5a96W/P63JlMk16hakxd67sos6lMcqK2MAqb7coejnYMMTS6 51GdONE5PPKTWltyNGtCNjGvObLkQRsPUYjydxAiJUuwzBoG8UTaq9Ld1dY96A== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1666804300; a=rsa-sha256; cv=none; b=bVeHLBHhx3DkivEL3YuyI/CgTebrqpGXMTjJ6TTX7p6+aGE5cy4qY5MjwLuPuXZ/2ASUhA 0CNmC6lt58JdhRI5dDsIRsAM/dNEwqsZYGzLAD/MQDjCeoIsonpBOV3uMK3v+vBKCsnjhi YXG1Y4WKQvBj0QtANruTGW0Ad4kiB3YEPLD3LO3f+oE9SZkQry+dupwGiYOexyT5xbrBLV P5osrCdF8doqHjWpUNZI+ESnMRdlUPggTONr9N4FjZYiGCFjyIFpWzfQdPfHz+ZALXmXun BmXsuTST3tM2m1N6GvjxjjtqFXIR5J7Uu27VdHoaCnBgS4TdjRoN5oBNxJ1Rnw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=gHt3nTbw; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 7.48 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=gHt3nTbw; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 447A1312D5 X-Spam-Score: 7.48 X-Migadu-Scanner: scn0.migadu.com X-TUID: tnk8TeaeqLSX On 26/10/2022 15:21, Jean Louis wrote: > > (defun browse-safe-url (url &optional arg) ----------------^^^^ > "Browse URL with b" > (let ((username "joedoe")) ;; different username than my own > ;; Insecurity settings for personal DISPLAY only > (shell-command "xhost +") > ;; Browse URL with different username > (async-start-process "sudo" "sudo" nil "su" "-c" "--" username "-c" > (format "exec iceweasel \"%s\"" url)))) -------------------------------------------------^^^^^^ Do not name "safe" a function having security vulnerabilities. Leaving aside XAuth issues, it allows arbitrary command execution if URL for some reason is not properly percent-encoded. Do you think your reasoning related to security is still convincing? If you were just requested mapping of Content-Type to some mode in eww, perhaps it would pass. You demanded Org mode configured by default. Org have enough means to execute arbitrary code with minimal efforts from user side. E.g. value of table cell may be recalculated. Org files originating from non-trusted sources must be carefully evaluated before opening them in Emacs. Sometimes Org developer and maintainers do not have enough resources to react to security-related reports. An issue not so dangerous in the current state becomes really weird if Org mode becomes a default handler for files fetched from net. You may fight for your right to freely shoot your legs but you must be careful enough to not injury people around. Reputation of Emacs may be significantly affected by the requested change. I am strongly against Org mode as a default handler for files downloaded from web sites. Eww user option, if implemented, should have prominent warning that particular mode may not be ready for such usage and each case should be carefully evaluated for security issues.