From: Aaron Ecay
Subject: Re: [O] [PATCH 1/3] Mark ox-latex variables safe locals under proper conditions
Date: Wed, 30 Oct 2013 00:15:25 -0400
User-agent: Notmuch/0.16+113~g516efb7 (http://notmuchmail.org) Emacs/24.3.50.1 (x86_64-unknown-linux-gnu)

Hi Nicolas,

On 29 October 2013, Nicolas Goaziou wrote:

[...]

> 
> Thanks for the patch. It is interesting.
> 
> Out of curiosity, why did you skip other variables (e.g.
> org-latex-footnote-separator)?

Because these variables insert arbitrary latex code into the export
output, they could be put to nefarious purposes.  If I can trick you
into compiling a latex document that I’ve inserted malicious code into,
AND into passing a particular non-default command line flag to latex,
then I can execute arbitrary shell commands on your machine with your
privileges.

Since this requires user intervention in the form of specifying an
additional command line flag, it could be argued that there is no
security breach in allowing potentially malicious code into an export
file – it will fail to have its desired bad effect without the user
taking further steps to weaken security.*  But it is in some sense a
lessening of security.  I think the community has to decide what is an
acceptable level of risk.

One intermediate option would be to not mark these string-valued variables as
safe by default, but let users opt in to marking them safe with a function
like the following, which users could choose to call in their init file:

(defun org-live-dangerously ()
  "Mark string-valued ox-latex variables as safe file-local variables."
  ;; Add the other string-valued ox-latex variables to this list.
  (dolist (var '(org-latex-footnote-separator))
    (put var 'safe-local-variable #'stringp)))

Aaron

* But several latex tools, including minted, which org supports, use
this shell command functionality for benign purposes.  So many users are
probably used to turning it on, and perhaps even have configurations
that enable it by default.

-- 
Aaron Ecay
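As an added illustration (not code from the message above), the same opt-in can be made narrower than `stringp`: the `safe-local-variable` predicate receives the file-local value, so a user can accept only an allowlist of known separator strings and let Emacs keep prompting for anything else. The `my/` names and the allowlist contents are assumptions for the example.

```elisp
;; Added example, not from the original message.  Instead of marking any
;; string safe, accept only a fixed set of separator values this user has
;; reviewed.  The list below is constructed for illustration.
(defconst my/org-latex-allowed-footnote-separators '("," ";")
  "Footnote separator values accepted from file-local settings.")

(defun my/org-latex-allowed-separator-p (val)
  "Return non-nil if VAL is a string in the reviewed allowlist.
Any other value, including arbitrary LaTeX, is treated as unsafe."
  (and (stringp val)
       (member val my/org-latex-allowed-footnote-separators)))

;; Attach the predicate; Emacs consults it when a file sets this variable
;; in its local-variables block (see `safe-local-variable-p' in files.el).
(put 'org-latex-footnote-separator 'safe-local-variable
     #'my/org-latex-allowed-separator-p)

;; Check how Emacs will judge two candidate values:
(safe-local-variable-p 'org-latex-footnote-separator ",")            ; non-nil
(safe-local-variable-p 'org-latex-footnote-separator "\\somemacro{}") ; nil
```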