GNU bug report logs - #58774
29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly


Package: emacs;

Reported by: Jean Louis <bugs <at> gnu.support>

Date: Tue, 25 Oct 2022 12:13:02 UTC

Severity: wishlist

Tags: wontfix

Found in version 29.0.50

Done: Stefan Kangas <stefankangas <at> gmail.com>

Bug is archived. No further changes may be made.




From: Ihor Radchenko <yantar92 <at> posteo.net>
To: Stefan Kangas <stefankangas <at> gmail.com>
Cc: 58774 <at> debbugs.gnu.org, "Dr. Arne Babenhauserheide" <arne_bab <at> web.de>, emacs-orgmode <at> gnu.org, bugs <at> gnu.support
Subject: bug#58774: 29.0.50; [WISH]: Let us make EWW browse WWW Org files correctly
Date: Wed, 26 Oct 2022 06:52:56 +0000
Stefan Kangas <stefankangas <at> gmail.com> writes:

> Ihor Radchenko <yantar92 <at> posteo.net> writes:
>
>> The "problem" with shell links you are describing is a question of
>> setting variables and is also disabled by default.
>>
>> eww-mode, when loading Org page, could simply set
>> org-link-shell-confirm-function to its default value.
>
> Note that with the suggested feature, any link you follow risks being
> loaded in Org mode, before the user even has a chance to inspect the
> file.  Which Org features, currently existing or introduced in the
> future, would EWW have to add workarounds for?

That's not the case. Org never loads arbitrary code on loading the file
without querying the user.

The problem raised above is what happens when the user tries to open a shell
link and has _also_ customized org-link-shell-confirm-function to nil (which
is explicitly marked as a dangerous option).

Strictly speaking, even eww-mode may run arbitrary code, given that the user
can put something into eww-mode-hook.

> It is very hard to foresee which parts of Org will be problematic and
> have to be disabled.  See the security vulnerability in enriched-mode
> that prompted the release of Emacs 25.3, for example.
>
> Adding this opens a can of worms that will expose unsuspecting users to
> a whole class of new problems.  And the only benefit is to save some
> users from having to type "M-x org-mode RET", or adding a call to a
> suitable hook.

I'd say that it will be safer to take care of the necessary precautions
rather than leaving the user with only the option of running org-mode
manually.

If necessary, we can introduce a special variable in Org mode that will
disable all potential third-party code evaluation, even if the user has
customized Org to execute code without a prompt.

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>
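The knobs the message refers to are real Org user options: org-link-shell-confirm-function and org-link-elisp-confirm-function (default yes-or-no-p, so following a shell: or elisp: link prompts first) and org-confirm-babel-evaluate (default t). The following is an added example, not code from this thread, from Org or from EWW: a hypothetical helper, my/org-view-untrusted, that displays Org text from an untrusted source with those three options pinned to their prompting defaults as buffer-local values, so a user's global customization (e.g. org-link-shell-confirm-function set to nil) does not apply in that buffer. Note that enabling a major mode kills buffer-local variables, so the values have to be set after (org-mode) is called. This covers only the evaluation paths those three variables guard; it is not the Org-wide "disable all evaluation" variable proposed above, which does not exist on this page.

```elisp
;;; Added example; not part of the bug thread, Org or EWW.
;;; `my/org-view-untrusted' is a hypothetical helper name.

(require 'org)

(defun my/org-view-untrusted (text)
  "Display TEXT, an Org document from an untrusted source, in Org mode.
Force the confirmation options back to their prompting defaults for this
buffer only, and make the buffer read-only so links are followed but the
text cannot be edited and saved by accident."
  (let ((buf (generate-new-buffer "*untrusted org*")))
    (with-current-buffer buf
      (insert text)
      (goto-char (point-min))
      ;; Switching major mode runs `kill-all-local-variables', so the
      ;; buffer-local overrides must be set AFTER `org-mode'.
      (org-mode)
      ;; Following shell:/elisp: links must prompt, whatever the global
      ;; value is (nil means "never ask" and is documented as dangerous).
      (setq-local org-link-shell-confirm-function #'yes-or-no-p)
      (setq-local org-link-elisp-confirm-function #'yes-or-no-p)
      ;; Babel blocks (C-c C-c, export, etc.) must prompt as well.
      (setq-local org-confirm-babel-evaluate t)
      (read-only-mode 1))
    (pop-to-buffer buf)))

;; Usage with a constructed document containing a shell link; following
;; the link with C-c C-o prompts even if the global option is nil.
(my/org-view-untrusted
 "* Untrusted page\n[[shell:echo hello][run echo]]\n")
```

The same three setq-local lines could equally live in a mode hook; the point of the example is that per-buffer values are what let a viewer defeat a permissive global setting without touching the user's customization.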




This bug report was last modified 1 year and 259 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.