On 26/10/2022 15:21, Jean Louis wrote:
> (defun browse-safe-url (url &optional arg)
----------------^^^^
>   "Browse URL with b"
>   (let ((username "joedoe")) ;; different username than my own
>     ;; Insecurity settings for personal DISPLAY only
>     (shell-command "xhost +")
>     ;; Browse URL with different username
>     (async-start-process "sudo" "sudo" nil "su" "-c" "--" username "-c"
>                          (format "exec iceweasel \"%s\"" url))))
---------------------------------------------------^^^^^^

Do not name a function "safe" when it has security vulnerabilities. Leaving
aside XAuth issues, it allows arbitrary command execution if the URL for
some reason is not properly percent-encoded.

Do you think your reasoning related to security is still convincing?

If you had just requested a mapping of Content-Type to some mode in eww,
perhaps it would pass. You demanded Org mode configured by default. Org
has enough means to execute arbitrary code with minimal effort from the
user's side. E.g. the value of a table cell may be recalculated.

Org files originating from non-trusted sources must be carefully
evaluated before opening them in Emacs.

Sometimes Org developers and maintainers do not have enough resources to
react to security-related reports. An issue not so dangerous in the
current state becomes really weird if Org mode becomes a default handler
for files fetched from the net.

You may fight for your right to freely shoot your legs but you must be
careful enough not to injure people around you. The reputation of Emacs
may be significantly affected by the requested change.

I am strongly against Org mode as a default handler for files downloaded
from web sites. An eww user option, if implemented, should have a prominent
warning that a particular mode may not be ready for such usage and that
each case should be carefully evaluated for security issues.
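
Added example, not part of the original message or of anyone's code in the thread: it rebuilds the quoted function's `format` string next to a shell-quoted form, and shows a launcher that hands the URL to the browser as a single argv element so no shell parses it. All `example-` names and the sample URL are hypothetical, and the `sudo -u` call assumes sudo is configured to allow running the browser as that user.

```emacs-lisp
;;; -*- lexical-binding: t -*-
;; Added example.  "joedoe" and "iceweasel" come from the quoted function;
;; every `example-' name is hypothetical.
(require 'url-parse)

(defun example-su-command-unquoted (url)
  "Build the `su -c' shell string the way the quoted function does."
  ;; Vulnerable on purpose: a double quote in URL ends the shell string early.
  (format "exec iceweasel \"%s\"" url))

(defun example-su-command-quoted (url)
  "Build the same shell string with URL escaped for the shell."
  (concat "exec iceweasel " (shell-quote-argument url)))

(defun example-web-url-p (url)
  "Return non-nil if URL is an http(s) URL with a host and no raw metacharacters."
  (and (stringp url)
       ;; A properly percent-encoded URL never contains whitespace, control
       ;; characters, quotes, backticks or backslashes.
       (not (string-match-p "[[:space:][:cntrl:]\"'`\\]" url))
       (let ((parsed (url-generic-parse-url url)))
         (and (member (url-type parsed) '("http" "https"))
              (> (length (url-host parsed)) 0)))))

(defun example-browse-url-as-user (url username)
  "Open URL in iceweasel as USERNAME without going through a shell."
  (unless (example-web-url-p url)
    (user-error "Refusing to open URL: %S" url))
  ;; Assumption: sudoers permits this.  URL is passed as one argv element,
  ;; and the scheme check above means it cannot start with a dash.
  (start-process "example-browser" nil
                 "sudo" "-u" username "--" "iceweasel" url))

;; Constructed input: a URL that is not percent-encoded.
(let ((url "http://example.invalid/\"; echo INJECTED; \""))
  (message "unquoted: %s" (example-su-command-unquoted url))
  (message "quoted:   %s" (example-su-command-quoted url))
  (message "accepted: %s" (example-web-url-p url)))
```

Evaluating the buffer only prints the three strings; no process is started unless `example-browse-url-as-user` is called.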