To: emacs-orgmode@gnu.org
From: Maxim Nikulin
Subject: Re: Thoughts on the standardization of Org
Date: Thu, 12 Nov 2020 00:10:05 +0700

2020-11-11 Jean Louis wrote:
> * Maxim Nikulin [2020-11-10 19:31]:
>> 2020-11-10 Greg Minshall wrote:
>>>
>>> i would guess
>>> using 'cat -v' to read e-mail is 100% safe. even throwing in
>>> uudecode(1), or whatever is needed to decode base64, (and then piping
>>> through 'cat -v', of course ), it's probably still safe.
>>
>> Please, check that you have at least updated tmux before applying such
>> "safe" handler: https://www.openwall.com/lists/oss-security/2020/11/05/3 The
>> news are too recent to not mention the link in such context.
>>
>> The sour story is that it is unsafe to feed non-trusted files directly to
>> terminal. A filter against control sequences is required.
>
> Is there any way to disable control sequences? Then cat can be aliased.

We were kidding. You do not need a terminal if you do not need control sequences. They play the role of an interface to allow line (or full screen) editing; that is why control sequences are the essence of terminals. I suppose you would get tired almost immediately having to type everything strictly sequentially without the ability to remove even the last character.

Some terminals allow disabling particular features, e.g. setting of title in xterm. But there are still a lot of rather basic capabilities.

Likely pasting a command from a web page is a more real threat. E.g. zsh could be more restrictive than bash while copying a piece of text into the terminal.

If you have to work in non-trusted environments, some general recommendations (e.g. keep your system up to date) and isolation techniques (virtual machines or at least separate system users) could be applied.

My point was that MIME handlers have to be carefully chosen. Even well known applications could have special options.

And sorry, I somehow missed the "-v" option of cat in Greg's message. It is exactly the case of a tool that everyone knows and a significantly more rare option.
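
The "filter against control sequences" discussed in this message, as an added example that is not part of the original e-mail or of any tool named in it: a small Python filter that decodes a base64 MIME part and renders every control character visibly before it reaches the terminal. It follows the caret notation of `cat -v` for C0 controls but, unlike `cat -v`, keeps valid UTF-8 text readable and also covers the 8-bit C1 controls; the function names and the sample bytes are constructed for illustration.

```python
import base64

# Control characters left untouched: newline and tab keep text readable.
SAFE_CONTROLS = {"\n", "\t"}


def caret(ch: str) -> str:
    """Render one control character visibly, in the style of cat -v."""
    code = ord(ch)
    if code < 0x20:
        return "^" + chr(code + 0x40)      # ESC (0x1b) -> ^[
    if code == 0x7F:
        return "^?"                        # DEL
    return "<U+%04X>" % code               # C1 controls, e.g. CSI U+009B


def neutralize(data: bytes) -> str:
    """Decode untrusted bytes and make every control character inert."""
    # Undecodable bytes become U+FFFD instead of reaching the terminal raw.
    text = data.decode("utf-8", errors="replace")
    out = []
    for ch in text:
        code = ord(ch)
        is_control = code < 0x20 or 0x7F <= code <= 0x9F
        if is_control and ch not in SAFE_CONTROLS:
            out.append(caret(ch))
        else:
            out.append(ch)
    return "".join(out)


def show_base64_part(encoded: str) -> str:
    """Decode a base64 MIME part, then filter it before display."""
    return neutralize(base64.b64decode(encoded))


# Constructed sample: an xterm title-setting sequence, a colour code that
# starts with the 8-bit C1 form of CSI, and ordinary non-ASCII text.
SAMPLE = b"hello\x1b]0;title\x07 \xc2\x9b31mred caf\xc3\xa9\n"

if __name__ == "__main__":
    print(neutralize(SAMPLE), end="")
    print(show_base64_part(base64.b64encode(SAMPLE).decode("ascii")), end="")
```

Carriage return is deliberately not in `SAFE_CONTROLS`, so a line that tries to overwrite itself shows up as `^M` instead.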