Re: [POLL] We plan to remove #+LINK: ...%(my-function) placeholder from
From: Suhail Singh
Subject: Re: [POLL] We plan to remove #+LINK: ...%(my-function) placeholder from link abbreviation spec
Date: Fri, 28 Jun 2024 12:45:30 -0400
User-agent: Gnus/5.13 (Gnus v5.13)
Steven Allen <steven@stebalien.com> writes:
> 1. While this feature no longer invokes completely arbitrary code, it
> still allows an attacker to call any function marked as "pure" which
> is a pretty large attack surface.
I am struggling to assess this, because it's not clear to me what the
threat model is. Could you please elaborate? How are the attacker and
potential victim interacting; what is the attack vector(s); who are the
threat agents and what is their goal that we are trying to guard
against, etc?
> You can, of course, write that function; but then you might as well
> use org-link-abbrev-alist instead of defining a local #+LINK.
Perhaps I misunderstood; I thought the thing being polled was whether or
not to allow org-link-abbrev-alist to have REPLACE (per its docstring)
be a function. I.e., if %(my-function) is removed, so too would the
ability to have a function in the REPLACE position in
org-link-abbrev-alist. Did I misunderstand?
--
Suhail
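For readers unfamiliar with the REPLACE-as-function form being discussed, here is an added illustration (not code from the thread or from Org itself) of a link abbreviation defined in the user's own init file, where REPLACE is a function rather than a template string. The helper `my/issue-link` and the tracker URL are hypothetical. The point it makes is the one in the reply above: a function in `org-link-abbrev-alist` is trusted configuration the user wrote, whereas an in-file `#+LINK:` line is part of a document that may have come from anyone.

```elisp
;; Added example, not from the mailing-list thread: a user-level link
;; abbreviation whose REPLACE is a function, as the docstring of
;; `org-link-abbrev-alist' permits.
(require 'org)
(require 'url-util)   ; for url-hexify-string

(defun my/issue-link (tag)
  "Build a tracker URL from TAG.
Hypothetical helper.  TAG comes from the link text in the document, so it
is hex-escaped before being placed in the URL."
  (concat "https://tracker.example.org/issues/"
          (url-hexify-string (or tag ""))))

;; This setq belongs in the user's init file, i.e. in configuration the
;; user controls.  A symbol in the REPLACE position is called with the tag.
(setq org-link-abbrev-alist
      '(("issue" . my/issue-link)))

;; Expanding an abbreviated link calls the function with "42" as TAG.
(org-link-expand-abbrev "issue:42")
```

By contrast, an in-file `#+LINK: issue https://tracker.example.org/issues/%s` line is read from the Org document being visited, which is the case the poll is about: the function-valued form stays available in `org-link-abbrev-alist`, while the `%(my-function)` placeholder is what the proposal would remove from file-local abbreviations.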