emacs-orgmode

Re: [SECURITY] Arbitrary code evaluation security in Org


From: Greg Minshall
Subject: Re: [SECURITY] Arbitrary code evaluation security in Org
Date: Mon, 02 Jan 2023 13:59:16 +0300

Ihor,

thanks for this.

one additional item (i don't *think* we discussed this before; apologies
if i'm forgetting): tangling.  if one is prompted to "merely" tangle ...
----
#+begin_src sh :tangle /var/tmp/foo.org.tangled
  echo 'hi!'
#+end_src
----

one could imagine more sinister scenarios for destination, content.

i don't really know what, how much, to do.  possibly just an option,
defaulting to =nil=, allowing tangle to write a file outside the subtree
that holds the .org file being tangled.

cheers, Greg
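
The containment check suggested in the message above, sketched as an added example (not part of the original message and not Org's own code): it lists each `:tangle` target in an Org file and reports whether it resolves outside the directory tree holding that file. The function name, the sample text and the path `/home/user/notes/foo.org` are assumptions; targets written as Emacs Lisp forms are only flagged, not evaluated.

```python
import os
import re

# Lines that can carry header arguments: src block openers, #+HEADER(S):,
# #+PROPERTY: header-args, and :header-args: entries in property drawers.
HEADER_LINE = re.compile(
    r'^\s*(#\+(begin_src|headers?:|property:\s*header-args)|:header-args)', re.I)
# A :tangle value is a bare word, a "quoted string", or the start of a Lisp form.
TANGLE_ARG = re.compile(r'(?:^|\s):tangle\s+("[^"]*"|\S+)')

def audit_tangle_targets(org_path, org_text):
    """Return (line_no, value, verdict) for each :tangle argument in org_text."""
    base = os.path.realpath(os.path.dirname(os.path.abspath(org_path)))
    findings = []
    for line_no, line in enumerate(org_text.splitlines(), 1):
        m = TANGLE_ARG.search(line) if HEADER_LINE.match(line) else None
        if not m:
            continue
        value = m.group(1)
        if value in ("yes", "no"):
            continue  # "no" skips the block; "yes" names the output after the .org file
        if value.startswith("("):
            # Computed when tangling, so this static scan cannot know the path.
            findings.append((line_no, value, "computed"))
            continue
        value = value.strip('"')
        # Assumption: relative targets are resolved against the .org file's directory.
        target = os.path.realpath(os.path.join(base, os.path.expanduser(value)))
        inside = os.path.commonpath([base, target]) == base
        findings.append((line_no, value, "inside" if inside else "outside"))
    return findings

# Constructed sample; the first block is the one quoted in the message.
SAMPLE = """\
#+begin_src sh :tangle /var/tmp/foo.org.tangled
  echo 'hi!'
#+end_src
#+begin_src sh :tangle scripts/build.sh
#+end_src
#+begin_src sh :tangle ../../elsewhere.sh
#+end_src
#+begin_src sh :tangle no
#+end_src
#+begin_src sh :tangle (concat dir "x.sh")
#+end_src
"""

if __name__ == "__main__":
    for finding in audit_tangle_targets("/home/user/notes/foo.org", SAMPLE):
        print(*finding)
```

Resolving with `realpath` before comparing means `..` segments and existing symlinks cannot make an outside target look as if it were inside.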


