GNU logs - #48676, boring messages


Message sent to bug-gnu-emacs@HIDDEN, emacs-orgmode@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#48676: Arbitrary code execution in Org export macros
Resent-From: Glenn Morris <rgm@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@HIDDEN, emacs-orgmode@HIDDEN
Resent-Date: Wed, 26 May 2021 15:53:01 +0000
Resent-Message-ID: <handler.48676.B.16220443347525 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 48676
X-GNU-PR-Package: emacs,org-mode
X-GNU-PR-Keywords: security
To: 48676 <at> debbugs.gnu.org
X-Debbugs-Original-To: submit <at> debbugs.gnu.org
From: Glenn Morris <rgm@HIDDEN>
Date: Wed, 26 May 2021 11:52:04 -0400
Message-ID: <2nk0nl7asb.fsf@HIDDEN>
User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Package: emacs,org-mode
Version: 28.0.50
Severity: important
Tags: security

emacs -Q hello.org, where hello.org contains:

#+macro: hello (eval (shell-command-to-string "touch /tmp/HELLO"))
Hello. {{{hello}}}

Then:
M-x org-export-dispatch
t A

-> now /tmp/HELLO exists, with no prompting.

This seems contrary to normal Emacs practice for risky local variables,
and to the section "Code Evaluation and Security Issues" in the Org manual
(which does not mention macros).





Message sent to bug-gnu-emacs@HIDDEN, emacs-orgmode@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#48676: Arbitrary code execution in Org export macros
Resent-From: Tom Gillespie <tgbugs@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@HIDDEN, emacs-orgmode@HIDDEN
Resent-Date: Wed, 26 May 2021 18:01:02 +0000
Resent-Message-ID: <handler.48676.B48676.162205202922627 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 48676
X-GNU-PR-Package: emacs,org-mode
X-GNU-PR-Keywords: security
To: Timothy <tecosaur@HIDDEN>
Cc: rgm@HIDDEN, 48676 <at> debbugs.gnu.org
X-Debbugs-Original-Cc: Glenn Morris <rgm@HIDDEN>, 48676 <at> debbugs.gnu.org, emacs-orgmode <emacs-orgmode@HIDDEN>
MIME-Version: 1.0
References: <2nk0nl7asb.fsf@HIDDEN> <87mtsho240.fsf@HIDDEN>
In-Reply-To: <87mtsho240.fsf@HIDDEN>
From: Tom Gillespie <tgbugs@HIDDEN>
Date: Wed, 26 May 2021 11:00:09 -0700
Message-ID: <CA+G3_PN-2Kir-YJ=BToXMS69K+Oj2G55EKASAt-7gqHMmnM_rg@HIDDEN>
Content-Type: text/plain; charset="UTF-8"

Hi Glenn,
     The definition for local variables doesn't cover things like org
macros, though the spirit of the policy is something worth keeping in
mind. Running M-x org-export-dispatch and hitting two keys means that
the user has to do something to trigger code execution, much like they
would have to intentionally accept certain risky local variables.

That said, the fact that many org operations can run arbitrary code is
definitely something that needs clearer documentation. It might make
sense to add a setting to detect closures that appear in org files to
ask for permission before running, but it likely should not be on by
default.

For a fairly extensive discussion of code execution in org see this
thread from Nov 2020.
https://orgmode.org/list/robi94$ma$1@HIDDEN/#t
Best,
Tom




Message sent to bug-gnu-emacs@HIDDEN, emacs-orgmode@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#48676: Arbitrary code execution in Org export macros
Resent-From: Timothy <tecosaur@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@HIDDEN, emacs-orgmode@HIDDEN
Resent-Date: Wed, 26 May 2021 18:24:02 +0000
Resent-Message-ID: <handler.48676.B48676.162205343231581 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 48676
X-GNU-PR-Package: emacs,org-mode
X-GNU-PR-Keywords: security
To: Glenn Morris <rgm@HIDDEN>
Cc: 48676 <at> debbugs.gnu.org
X-Debbugs-Original-Cc: 48676 <at> debbugs.gnu.org, emacs-orgmode@HIDDEN
References: <2nk0nl7asb.fsf@HIDDEN>
User-agent: mu4e 1.4.15; emacs 28.0.50
From: Timothy <tecosaur@HIDDEN>
In-reply-to: <2nk0nl7asb.fsf@HIDDEN>
Message-ID: <87mtsho240.fsf@HIDDEN>
Date: Thu, 27 May 2021 01:07:27 +0800
MIME-Version: 1.0
Content-Type: text/plain


Thanks for reporting this.

Glenn Morris <rgm@HIDDEN> writes:

> This seems contrary to normal Emacs practice for risky local variables,

Hmm, correct me if I'm wrong but the issue with risky local variables is
that they affect Emacs before the user sees them in the file? If this is
an important distinction, it means this particular type of concern does
not apply to Org #+macro statements, as they are not executed when the
user opens the file.

That said, if one were making say an automated Org file exporter or
something, I could see this being problematic. Perhaps a var set to
allow macros by default could be a good idea.

> and to the section "Code Evaluation and Security Issues" in the Org manual
> (which does not mention macros).

Looks like this should be updated regardless of the above.

--
Timothy




Message sent to bug-gnu-emacs@HIDDEN, emacs-orgmode@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#48676: Arbitrary code execution in Org export macros
References: <2nk0nl7asb.fsf@HIDDEN>
Resent-From: Greg Minshall <minshall@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@HIDDEN, emacs-orgmode@HIDDEN
Resent-Date: Thu, 27 May 2021 02:55:02 +0000
Resent-Message-ID: <handler.48676.B48676.16220840597723 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 48676
X-GNU-PR-Package: emacs,org-mode
X-GNU-PR-Keywords: security
To: Glenn Morris <rgm@HIDDEN>
Cc: 48676 <at> debbugs.gnu.org
From: Greg Minshall <minshall@HIDDEN>
In-reply-to: Your message of "Wed, 26 May 2021 11:52:04 -0400."
 <2nk0nl7asb.fsf@HIDDEN>
X-Mailer: MH-E 8.6+git; nmh 1.7.1; GNU Emacs 27.2
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <4005253.1622084044.1@HIDDEN>
Date: Thu, 27 May 2021 05:54:04 +0300
Message-ID: <4005254.1622084044@HIDDEN>

Glenn,

thanks for the report.

i guess my take is that macro-evaluation, and that of other forms,
should be subject to the same restrictions as that of source block
evaluation.  i.e., prompting for permission to execute, subject to
=org-confirm-babel-evaluate= (or, more specific variables).

cheers, Greg

> Package: emacs,org-mode
> Version: 28.0.50
> Severity: important
> Tags: security
> 
> emacs -Q hello.org, where hello.org contains:
> 
> #+macro: hello (eval (shell-command-to-string "touch /tmp/HELLO"))
> Hello. {{{hello}}}
> 
> Then:
> M-x org-export-dispatch
> t A
> 
> -> now /tmp/HELLO exists, with no prompting.
> 
> This seems contrary to normal Emacs practice for risky local variables,
> and to the section "Code Evaluation and Security Issues" in the Org manual
> (which does not mention macros).
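Added example, not Org's code nor any participant's, of the mitigation Greg proposes for the report Glenn gives above: a pre-export guard in the spirit of org-confirm-babel-evaluate that scans the buffer for #+macro: definitions whose template begins with (eval and asks before org-export-as runs. The my/ variable and function names are hypothetical; Org's own behaviour of treating a template that starts with "(eval" as Lisp is the only assumption about Org.

```elisp
;; Added example, not part of Org: a confirmation guard for Lisp-evaluating
;; macros, modelled on `org-confirm-babel-evaluate'.  All `my/' names are
;; hypothetical; put this in the init file, not in the Org document.
(require 'org)
(require 'ox)

(defvar my/org-confirm-macro-evaluate t
  "Non-nil means ask before exporting a buffer whose #+macro: lines use (eval ...).")

(defun my/org-risky-macro-names ()
  "Return the names of macros in the current buffer defined as (eval ...).
Org evaluates a template that starts with \"(eval\" at expansion time,
which is exactly what the `hello' macro in the report relies on."
  (let ((case-fold-search t)   ; #+MACRO: and #+macro: are both valid
        (names nil))
    (save-excursion
      (goto-char (point-min))
      (while (re-search-forward
              "^[ \t]*#\\+macro:[ \t]+\\([^ \t\n]+\\)[ \t]+(eval\\_>" nil t)
        (push (match-string-no-properties 1) names)))
    (nreverse names)))

(defun my/org-macro-export-guard (&rest _args)
  "Abort the export when risky macros are present and the user declines.
Installed as :before advice on `org-export-as', so it runs for every
backend reached through `org-export-dispatch', including `t A'."
  (when my/org-confirm-macro-evaluate
    (let ((risky (my/org-risky-macro-names)))
      (when (and risky
                 (not (yes-or-no-p
                       (format "Buffer defines Lisp-evaluating macro(s) %s; export anyway? "
                               (mapconcat #'identity risky ", ")))))
        (user-error "Export aborted: macro evaluation declined")))))

(advice-add 'org-export-as :before #'my/org-macro-export-guard)
```

The regexp scan only sees the current buffer, so macro definitions pulled in through #+setupfile or #+include are not caught; source blocks remain governed by org-confirm-babel-evaluate as before.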





Last modified: Thu, 27 May 2021 03:00:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.