[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[O] Bug: org-attach-directory should be safe [9.1.3 (9.1.3-10-gadfbfd-el

From: Allen Li
Subject: [O] Bug: org-attach-directory should be safe [9.1.3 (9.1.3-10-gadfbfd-elpaplus @ /home/ionasal/.emacs.d/elpa/org-plus-contrib-20171127/)]
Date: Sun, 3 Dec 2017 15:35:05 -0800

org-attach-directory should be safe to set as a file local or
directory local string.

This allows the user to set a directory local attachment directory for
all Org files in a directory tree recursively.

I do not believe there are any security issues to enable arbitrary Org
files to set org-attach-directory to a string value as the user would
have to explicitly initiate any attach operations.  The most dangerous
thing I can think of is an Org file setting the attachment directory
to the user's home directory and the user running the command to
delete all attachments.

Note that org-attach already allows setting the attachment directory
on a headline basis, this would just allow setting the attachment
directory on a file or directory basis.  It can be argued that the
existing functionality makes it more visible if a malicious Org file
sets a dangerous attachment path (a property on the headline vs a file
local variable or dir-locals file).  org-attach already mentions that
deleting all attachments is potentially dangerous and recommends
deleting through Dired.  Deleting through Dired would make it
impossible for a user to not notice that a malicious Org file has set
the attachment directory to something undesirable.

Emacs  : GNU Emacs 25.3.1 (x86_64-pc-linux-gnu, GTK+ Version 3.22.19)
 of 2017-09-16
Package: Org mode version 9.1.3 (9.1.3-10-gadfbfd-elpaplus @

reply via email to

[Prev in Thread] Current Thread [Next in Thread]