[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [SECURITY] Arbitrary code evaluation security in Org (was: [PATCH] o
|
From: |
Ihor Radchenko |
|
Subject: |
Re: [SECURITY] Arbitrary code evaluation security in Org (was: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable) |
|
Date: |
Sat, 07 Jan 2023 13:12:29 +0000 |
Ihor Radchenko <yantar92@posteo.net> writes:
>> I do wonder if the idea of a document classification model and some form
>> of heuristic algorithms to handle default document classification might
>> be useful.
>
> I do not think that we need to go in this direction.
> I doubt that we are qualified to get the heuristics right.
> Such things should either be maintained in Emacs core or not provided at
> all to not create false sense of security.
And I was wrong.
There is `unsafep' and `safe-functions' customization, which we can
utilize.
--
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>