From: Tim Cross <theophilusx@gmail.com>
To: emacs-orgmode@gnu.org
Subject: Re: Thoughts on the standardization of Org
Date: Tue, 10 Nov 2020 08:46:22 +1100
Message-ID: <877dqujj9t.fsf@gmail.com>
In-Reply-To: <robi94$ma$1@ciao.gmane.io>


Maxim Nikulin <manikulin@gmail.com> writes:

> 2020-11-08 Jean Louis wrote:
>> That is right, I have been using it for years in ~/.mailcap, which works
>> well for the mutt email client.
>>
>> text/org;	emacsclient %s; nametemplate=%s.org;
>> text/x-org;	emacsclient %s; nametemplate=%s.org;
>
> Just out of curiosity, couldn't it lead to execution of arbitrary code
> placed into elisp table expressions, some macro, etc.? I have not
> convinced myself that just opening a file (without executing src
> blocks) is safe enough and that there are no dangerous #+startup options
> or other tricks. Emacs is too powerful and too flexible...

By default, it is pretty safe. While you can customize things in such a
way as to expose you to additional danger, you have to explicitly do
that.

There is a risk with many MIME types, for example images, Word and Excel
documents, etc. Even HTML can be a threat, especially if your mail reader
supports JS and is not well engineered with security checks.

No email can be considered 100% safe. However, in addition to the
possible security consequences, you also have to consider the
likelihood. The effort it takes to craft a malicious payload needs some
sort of reward and while that reward might be as trivial as just causing
mayhem, the relatively small user base for org compared to other MIME
types is unlikely to make it an attractive mechanism. You are more
likely to choose something more popular to put your efforts into.

--
Tim Cross

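Maxim's question above names the constructs he is unsure about (elisp table formulas, macros, #+startup). The script below is an added example, not from the thread and not part of Org, showing a pre-open triage scan that lists those constructs in an attachment so the reader can decide before a mailcap handler such as "emacsclient %s" passes the file to Emacs. The rule labels, the patterns and the sample file are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): triage an Org attachment before a
# mailcap handler such as "emacsclient %s" opens it. It lists constructs
# that can carry code or change Emacs behaviour: src blocks, Emacs Lisp
# table formulas, eval macros, #+BIND, #+STARTUP and file-local variables.
# Labels and patterns are this example's own assumptions, not Org's.

org_risk_scan() {   # prints one "label: lineno:text" per finding
    file="$1"
    for rule in \
        "src-block|^[[:space:]]*#\+begin_src" \
        "elisp-tblfm|^[[:space:]]*#\+tblfm:.*'\(" \
        "eval-macro|^[[:space:]]*#\+macro:.*\(eval" \
        "bind-keyword|^[[:space:]]*#\+bind:" \
        "startup|^[[:space:]]*#\+startup:" \
        "local-vars|(-\*-.*eval:|^[[:space:]]*#[[:space:]]*eval:)"
    do
        label="${rule%%|*}"        # text before the first '|'
        pattern="${rule#*|}"       # the rest, which may itself contain '|'
        grep -n -i -E -- "$pattern" "$file" | sed "s/^/$label: /"
    done
}

org_risk_count() {  # number of findings; 0 means nothing was flagged
    org_risk_scan "$1" | wc -l | tr -d ' '
}
make_sample_org() {  # constructed sample attachment exercising each rule
    cat > "$1" <<'EOF'
#+TITLE: Meeting notes
#+STARTUP: showall
* Agenda
| a | b |
|---+---|
| 1 | 2 |
#+TBLFM: $2='(+ $1 1)
#+MACRO: shout (eval (upcase $1))
#+BIND: org-export-with-toc nil
#+BEGIN_SRC sh
echo hello
#+END_SRC
# Local Variables:
# eval: (message "file-local eval ran")
# End:
EOF
}

# Stand-alone demo: scan the constructed sample and report the count.
sample=$(mktemp); make_sample_org "$sample"
org_risk_scan "$sample"; echo "findings: $(org_risk_count "$sample")"; rm -f "$sample"
```

A non-zero count is a prompt to review the file, not proof of malice; the defaults Tim describes (confirmation before evaluating code) still apply once the file is opened.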
