Re: [SECURITY] Arbitrary code evaluation security in Org
From: Greg Minshall
Subject: Re: [SECURITY] Arbitrary code evaluation security in Org
Date: Mon, 02 Jan 2023 13:59:16 +0300
Ihor,
thanks for this.
one additional item (i don't *think* we discussed this before; apologies
if i'm forgetting): tangling. if one is prompted to "merely" tangle ...
----
#+begin_src sh :tangle /var/tmp/foo.org.tangled
echo 'hi!'
#+end_src
----
one could imagine more sinister scenarios for destination, content.
i don't really know what, how much, to do. possibly just an option,
defaulting to =nil=, allowing tangle to write a file outside the subtree
that holds the .org file being tangled.
cheers, Greg
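
The containment check suggested in the message above, sketched as a pre-tangle audit. This is an added example, not part of the original message and not Org's own code. The function names and sample text are hypothetical. It assumes :tangle targets appear only on #+begin_src lines, so property drawers and #+PROPERTY header-args are not covered.

```python
import os
import re

# Source-block header line; group 1 holds the header arguments.
SRC_RE = re.compile(r"^\s*#\+begin_src\b(.*)$", re.IGNORECASE)
# Value of :tangle, either "quoted" or a bare token.
TANGLE_RE = re.compile(r':tangle\s+(?:"([^"]+)"|(\S+))')

# Constructed sample input (not taken from a real file).
SAMPLE = """\
#+begin_src sh :tangle /var/tmp/foo.org.tangled
echo 'hi!'
#+end_src
#+begin_src sh :tangle out/build.sh
echo ok
#+end_src
#+begin_src sh :tangle ../elsewhere/run.sh
echo hm
#+end_src
#+begin_src sh :tangle yes
echo x
#+end_src
"""


def tangle_targets(org_text):
    """Yield (line_number, target) for src blocks naming a :tangle file."""
    for n, line in enumerate(org_text.splitlines(), 1):
        m = SRC_RE.match(line)
        t = TANGLE_RE.search(m.group(1)) if m else None
        if not t:
            continue
        target = t.group(1) or t.group(2)
        if target.lower() not in ("yes", "no"):  # yes/no name no explicit path
            yield n, target


def outside_tree(org_path, org_text):
    """Return [(line, target, resolved)] for targets escaping the .org file's directory."""
    root = os.path.realpath(os.path.dirname(os.path.abspath(org_path)))
    flagged = []
    for n, target in tangle_targets(org_text):
        if target.startswith("("):  # Lisp expression: cannot be resolved statically
            flagged.append((n, target, None))
            continue
        # realpath collapses ".." and follows symlinks before the comparison.
        resolved = os.path.realpath(os.path.join(root, os.path.expanduser(target)))
        if os.path.commonpath([root, resolved]) != root:
            flagged.append((n, target, resolved))
    return flagged
```

Run it over a file before answering a tangle prompt; an empty list means every statically visible target stays under the file's own directory.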