Emails are not safe - Re: Thoughts on the standardization of Org
From: Jean Louis
Subject: Emails are not safe - Re: Thoughts on the standardization of Org
Date: Tue, 10 Nov 2020 01:45:54 +0300
User-agent: Mutt/2.0 (3d08634) (2020-11-07)

* Tim Cross <theophilusx@gmail.com> [2020-11-10 00:50]:
>
> Maxim Nikulin <manikulin@gmail.com> writes:
>
> > 2020-11-08 Jean Louis wrote:
> >> That is right, I am using it since years in ~/.mailcap that works well
> >> for mutt email client.
> >>
> >> text/org; emacsclient %s; nametemplate=%s.org;
> >> text/x-org; emacsclient %s; nametemplate=%s.org;
> >
> > Just for curiosity, couldn't it lead to execution of arbitrary code
> > placed into elisp table expressions, some macro, etc.? I have not
> > convinced myself that just opening of a file (without executing of src
> > blocks) is safe enough and there are no dangerous #+startup options or other
> > tricks. Emacs is too powerful and too flexible...
>
> By default, it is pretty safe. While you can customize things in such a
> way as to expose you to additional danger, you have to explicitly do
> that.
>
> There is a risk with many MIME types, for example images, word and excel
> documents etc. Even HTML can be a threat, especially if your mail reader
> supports JS and is not well engineered with security checks.
>
> No email can be considered 100% safe. However, in addition to the
> possible security consequences, you also have to consider the
> likelihood. The effort it takes to craft a malicious payload needs some
> sort of reward and while that reward might be as trivial as just causing
> mayhem, the relatively small user base for org compared to other MIME
> types is unlikely to make it an attractive mechanism. You are more
> likely to choose something more popular to put your efforts into.

In general I understand your very valid points.

When using a text-based email reader and non-JavaScript browsers to read
emails, email is practically very safe. I never encountered any
problems in the last 2 decades plus 1 year. Of course there are phishing
and tracking emails and there are bugs in various software. Mostly I
have used mutt, and for some time Thunderbird. Never had any issue
with emails.

It does not mean there are none:

https://nvd.nist.gov/vuln/detail/CVE-2020-6793
https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/
https://www.cvedetails.com/product/3678/Mozilla-Thunderbird.html?vendor_id=452
https://www.cvedetails.com/google-search-results.php?q=mutt&sa=Search