From: Max Nikulin <manikulin@gmail.com>
To: emacs-orgmode@gnu.org
Subject: Re: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable
Date: Thu, 15 Dec 2022 19:10:33 +0700
Message-ID: <tnf2rp$66i$1@ciao.gmane.io>
In-Reply-To: <87len9uj5s.fsf@localhost>
On 15/12/2022 16:10, Ihor Radchenko wrote:
> Max Nikulin writes:
>
>> I am still in doubts if
>>
>> 10e857d42 2022-10-28 11:09:50 +0800 Ihor Radchenko: org-babel-read: Obey
>> `org-confirm-babel-evaluate'
>>
>> was an unambiguous improvement. Perhaps it just forces more users to set
>> `org-confirm-babel-evaluate' to nil compromising their security to more
>> severe degree.
>
> Should we then extend `org-babel-check-evaluate' to accept "All" answer
> in the coming bugfix release?
I would consider reverting the commit causing a user prompt for every
variable. I believe there should be a single prompt on an attempt to execute
a source block. I admit it is not easy to implement.

The main purpose of the new patch is to allow the old behavior. Unfortunately it
adds more complexity to the logic around user prompts and classifying some
expressions as safe.

I am not comfortable with attempts to consider Org as a format for a web
browser similar to HTML: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=58774
Features great for personal notebooks and authoring of documents are a
disaster for documents from non-trusted sources.

In particular, I consider the following reaction as unreasonably
optimistic. I am afraid a lot of work is required to achieve such a goal.
https://list.orgmode.org/Y1uFDWOjZb85lk+3@protected.localdomain
Re: [BUG][Security] begin_src :var evaluated before the prompt to
confirm execution
On 28/10/2022 14:30, Jean Louis wrote:
> * Ihor Radchenko [2022-10-28 06:19]:
>> Jean Louis writes:
>>> * Max Nikulin [2022-10-27 06:21]:
>>>> Expected result:
>>>> No code from the Org buffer and linked files is executed prior to
>>>> confirmation from the user.
>>>
>>> Should that be or is it a general policy for Org mode?
>>
>> Yes, it is a general policy.
>> Org should not execute arbitrary Elisp without confirmation, unless the
>> user customizes the confirmation query to non-default.
>
> That is nice to know. It opens doors for browsing Org files within Emacs.
On 15/12/2022 16:10, Ihor Radchenko wrote:
> In a future release, we may go for a more powerful prompt as discussed in
> https://orgmode.org/list/8735cyxonl.fsf@localhost

A single prompt for the whole bunch of code related to a particular block was
not discussed in that thread; at that time the issue was not as severe as
now. By the way, is it reliable to use (buffer-file-name
(buffer-base-buffer)) in `org-confirm-babel-evaluate' to determine if
some file resides in a "safe" directory? It may be discussed in that thread.

I believe that :var code is equally dangerous to the source block body.
However, while nobody pushes Org as a web browser format, it is better to
implement a transparent and consistent approach to prevention of
non-trusted code execution.
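One way to implement the "safe directory" check raised in the message above, as an added example that is not part of this thread and not Org's own code. The `my/` function names, the trusted-directory list and the placeholder path `~/org/trusted/` are assumptions; `org-confirm-babel-evaluate`, `buffer-base-buffer`, `buffer-file-name` and `file-in-directory-p` are real Emacs/Org symbols:

```elisp
;; Added example (not from the thread or from Org itself): a predicate for
;; `org-confirm-babel-evaluate' that skips the confirmation prompt only for
;; Org files saved under explicitly trusted directories.  The directory
;; list below is a constructed placeholder.
(require 'seq)

(defvar my/org-trusted-babel-directories
  (list (expand-file-name "~/org/trusted/"))   ; placeholder, adjust to taste
  "Directories whose Org files may evaluate Babel code without a prompt.
Everything else, including unsaved and non-file buffers, still prompts.")

(defun my/org-file-trusted-p (file)
  "Return non-nil if FILE lives under one of the trusted directories.
`file-in-directory-p' calls `file-truename' on both arguments, so a
symlink placed inside a trusted directory but pointing elsewhere is
compared by its real location and is not trusted."
  (and file
       (seq-some (lambda (dir) (file-in-directory-p file dir))
                 my/org-trusted-babel-directories)))

(defun my/org-confirm-babel-evaluate (_lang _body)
  "Predicate for `org-confirm-babel-evaluate'.
Org calls it with the block language and the block body; a non-nil
return value means \"ask the user\".  An indirect buffer (for example one
made by `org-tree-to-indirect-buffer') has no file name of its own, so
the base buffer is consulted first."
  (let* ((base (or (buffer-base-buffer) (current-buffer)))
         (file (buffer-file-name base)))
    ;; Fail closed: anything that is not a saved file under a trusted
    ;; directory keeps the default prompt.
    (not (my/org-file-trusted-p file))))

(setq org-confirm-babel-evaluate #'my/org-confirm-babel-evaluate)
```

The `(or (buffer-base-buffer) (current-buffer))` spelling is explicit rather than necessary: `buffer-base-buffer` returns nil for a buffer that is not indirect, and `buffer-file-name` treats a nil argument as the current buffer, so the shorter form quoted in the message behaves the same way. The check never returns nil for buffers without a file, which is the conservative choice when the same predicate also governs `:var` evaluation after the commit cited above.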