On 15/12/2022 19:25, Ihor Radchenko wrote:
Max Nikulin writes:

I would consider reverting the commit causing user prompt for every
variable.

I disagree. If anything, we can set the default value of
`org-confirm-babel-evaluate-cell' to nil and apply this patch.

Then, we can get the old behaviour back yet allowing concerned users to
have more security.

I am leaving it up to you. From my point of view it will be dead code that increases complexity with no practical outcome. Unfortunately, setting `org-confirm-babel-evaluate-cell' to anything other than nil results in annoyance rather than security.

Perhaps advising `org-babel-execute-src-block' with `y-or-n-p' is a better treatment for my paranoia.

This patch does not only affect src blocks. It affects all the users of
`org-babel-read'.

Mostly it is called with INHIBIT-LISP-EVAL set to t.

https://list.orgmode.org/Y1uFDWOjZb85lk+3@protected.localdomain
Re: [BUG][Security] begin_src :var evaluated before the prompt to
confirm execution

How is it related to the current discussion?
The purpose of the security feature discussed here is not for web
browsers or anything like that.

I am not going to add malicious source blocks to my private org files. For some code it is better to have a prompt, but generally the issue is not excessively important. I tend to inspect org files fetched from the net in some other application first (browser, less, or vim).

Accidental evaluation of code is a real danger for those who insist on opening links to org files directly in emacs or even propose to use org as a kind of browser. I raised the security issue in response to passionate messages demanding direct ways to work with org files from the web. I decided to remind of the context in the hope that it would help to reevaluate the severity of the issue.

I do not have a better proposal, but I think I see movement in the wrong direction.


