* Making Gnus more worm-safe
From: Florian Weimer @ 2000-05-05 5:45 UTC

I'd suggest the following change to mailcap.el:

- ("emacs-lisp" - (viewer . mailcap-maybe-eval) - (type . "application/emacs-lisp"))

This feature is just too dangerous to be enabled by default.

If there aren't any objections, I'll remove it.

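Review bot: the three removed lines drop the viewer for "application/emacs-lisp" without saying what such a part falls back to afterwards, or whether `mailcap-maybe-eval` itself stays. Suggest stating the intended fallback in the change description and, if nothing else references the function, either removing it in the same change or documenting how a user re-adds `(viewer . mailcap-maybe-eval)` to opt back in. The hunk also has no file header or `@@` context, so it cannot be applied as posted.
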
* Re: Making Gnus more worm-safe
From: Pavel Janík ml. @ 2000-05-05 7:14 UTC
Cc: ding

   From: Florian Weimer <fw@deneb.cygnus.argh.org>
   Date: 05 May 2000 07:45:33 +0200

Hi,

> - ("emacs-lisp" > - (viewer . mailcap-maybe-eval) > - (type . "application/emacs-lisp"))
>
> This feature is just too dangerous to be enabled by default.
>
> If there aren't any objections, I'll remove it.

do you think that this will prevent dumb people to save the buffer and
evaluate it?

It is not about worms. It is about *#$! of people who click on
something. I think that these people do not use Gnus :-)
--
Pavel Janík ml.
Pavel.Janik@inet.cz

* Re: Making Gnus more worm-safe
From: Florian Weimer @ 2000-05-05 9:30 UTC

Pavel.Janik@inet.cz (Pavel Janík ml.) writes:

> do you think that this will prevent dumb people to save the buffer and
> evaluate it?

Yes. They don't know anything about "M-x eval-buffer". ;)

> It is not about worms. It is about *#$! of people who click on
> something. I think that these people do not use Gnus :-)

I agree that this change doesn't substantially increase security. It
should be clear that it is mostly a PR thing.

* Re: Making Gnus more worm-safe
From: William M. Perry @ 2000-05-05 7:23 UTC
Cc: ding

Florian Weimer <fw@deneb.cygnus.argh.org> writes:

> I'd suggest the following change to mailcap.el:
>
> - ("emacs-lisp" > - (viewer . mailcap-maybe-eval) > - (type . "application/emacs-lisp"))
>
> This feature is just too dangerous to be enabled by default.
>
> If there aren't any objections, I'll remove it.

It asks the user before evaluating it at least.
What, you don't want to someday open 'iloveyou.el'? :)

-Bill P.

* Re: Making Gnus more worm-safe
From: Florian Weimer @ 2000-05-05 9:39 UTC

wmperry@aventail.com (William M. Perry) writes:

> It asks the user before evaluating it at least.

Just make the text of the message promising enough. "To be eligible
to this special bonus, you have to evaluate the enclosed secret code
carefully." This won't seduce experienced Emacs users and most native
speakers, I think, but there are many others.

> What, you don't want to someday open 'iloveyou.el'? :)

It's not about me, but about the people whom I recommend Gnus. ;)

* Re: Making Gnus more worm-safe
From: Kai Großjohann @ 2000-05-05 10:05 UTC
Cc: ding

Florian Weimer <fw@deneb.cygnus.argh.org> writes:

> wmperry@aventail.com (William M. Perry) writes:
>
> > It asks the user before evaluating it at least.
>
> Just make the text of the message promising enough.

Does the text of the question really depend on the mail that's
received?

kai
--
Beware of flying birch trees.

* Re: Making Gnus more worm-safe
From: Florian Weimer @ 2000-05-05 10:52 UTC

Kai.Grossjohann@CS.Uni-Dortmund.DE (Kai Großjohann) writes:

> Florian Weimer <fw@deneb.cygnus.argh.org> writes:
>
> > wmperry@aventail.com (William M. Perry) writes:
> >
> > > It asks the user before evaluating it at least.
> >
> > Just make the text of the message promising enough.
>
> Does the text of the question really depend on the mail that's received?

No, but the answer of the user certainly does. ;)

* Re: Making Gnus more worm-safe
From: Hrvoje Niksic @ 2000-05-05 8:21 UTC

Florian Weimer <fw@deneb.cygnus.argh.org> writes:

> I'd suggest the following change to mailcap.el:
>
> - ("emacs-lisp" > - (viewer . mailcap-maybe-eval) > - (type . "application/emacs-lisp"))
>
> This feature is just too dangerous to be enabled by default.

Why is that? It asks you before evaluating anything.

> If there aren't any objections, I'll remove it.

Don't.

* Re: Making Gnus more worm-safe
From: Bjørn Mork @ 2000-05-05 9:10 UTC

Hrvoje Niksic <hniksic@iskon.hr> writes:

> Florian Weimer <fw@deneb.cygnus.argh.org> writes:
>
> > I'd suggest the following change to mailcap.el:
> >
> > - ("emacs-lisp" > > - (viewer . mailcap-maybe-eval) > > - (type . "application/emacs-lisp"))
> >
> > This feature is just too dangerous to be enabled by default.
>
> Why is that? It asks you before evaluating anything.

But before you get a chance to look at the code, so the only sensible
answer is "no".

> > If there aren't any objections, I'll remove it.
>
> Don't.

Maybe changing mailcap-maybe-eval to disable the feature by default
but allowing it to be turned on is better?

Bjørn

* Re: Making Gnus more worm-safe
From: Kai Großjohann @ 2000-05-05 9:33 UTC
Cc: ding

"Bjørn Mork" <bmork@dod.no> writes:

> But before you get a chance to look at the code, so the only sensible
> answer is "no".

People could `i' on the part, first.

kai
--
Beware of flying birch trees.

* Re: Making Gnus more worm-safe
From: Hrvoje Niksic @ 2000-05-05 10:14 UTC

"Bjørn Mork" <bmork@dod.no> writes:

> Hrvoje Niksic <hniksic@iskon.hr> writes:
> > Florian Weimer <fw@deneb.cygnus.argh.org> writes:
> >
> > > I'd suggest the following change to mailcap.el:
> > >
> > > - ("emacs-lisp" > > > - (viewer . mailcap-maybe-eval) > > > - (type . "application/emacs-lisp"))
> > >
> > > This feature is just too dangerous to be enabled by default.
> >
> > Why is that? It asks you before evaluating anything.
>
> But before you get a chance to look at the code,

That's not true -- the code is displayed in an "*mm*" buffer.

* Re: Making Gnus more worm-safe
From: Bjørn Mork @ 2000-05-05 11:05 UTC

Hrvoje Niksic <hniksic@iskon.hr> writes:

> "Bjørn Mork" <bmork@dod.no> writes:
> > Hrvoje Niksic <hniksic@iskon.hr> writes:
> > > Florian Weimer <fw@deneb.cygnus.argh.org> writes:
> > >
> > > > I'd suggest the following change to mailcap.el:
> > > >
> > > > - ("emacs-lisp" > > > > - (viewer . mailcap-maybe-eval) > > > > - (type . "application/emacs-lisp"))
> > > >
> > > > This feature is just too dangerous to be enabled by default.
> > >
> > > Why is that? It asks you before evaluating anything.
> >
> > But before you get a chance to look at the code,
>
> That's not true -- the code is displayed in an "*mm*" buffer.

Oops, you are right. Sorry. Did it always do that? Maybe I just
dreamt the whole problem.

Bjørn

* Re: Making Gnus more worm-safe
From: Hrvoje Niksic @ 2000-05-05 11:52 UTC

"Bjørn Mork" <bmork@dod.no> writes:

> > > But before you get a chance to look at the code,
> >
> > That's not true -- the code is displayed in an "*mm*" buffer.
>
> Oops, you are right. Sorry. Did it always do that?

As far as I remember, yes.

* Re: Making Gnus more worm-safe
From: Felix Lee @ 2000-05-05 18:07 UTC
Cc: ding

Hrvoje Niksic <hniksic@iskon.hr>:
> That's not true -- the code is displayed in an "*mm*" buffer.

the trick then is to write elisp that looks innocuous and
useful but contains a hidden threat. easier to fool people
unfamiliar with elisp.
--

* Re: Making Gnus more worm-safe
From: Bruce Stephens @ 2000-05-05 19:28 UTC

Felix Lee <flee@teleport.com> writes:

> Hrvoje Niksic <hniksic@iskon.hr>:
> > That's not true -- the code is displayed in an "*mm*" buffer.
>
> the trick then is to write elisp that looks innocuous and
> useful but contains a hidden threat. easier to fool people
> unfamiliar with elisp.

Time for an International Obfuscated Emacs Lisp Competition?

* Re: Making Gnus more worm-safe
From: Kai Großjohann @ 2000-05-05 20:54 UTC
Cc: ding

Bruce Stephens <bruce+gnus@cenderis.demon.co.uk> writes:

> Time for an International Obfuscated Emacs Lisp Competition?

Yay! Way to go!

What should it say? `Just another little lambda'?

kai
--
Beware of flying birch trees.

* Re: Making Gnus more worm-safe
From: Michael Harnois @ 2000-05-06 19:26 UTC

On Fri, 5 May 2000 22:54:55 +0200, Kai.Grossjohann@CS.Uni-Dortmund.DE (Kai Großjohann) said:

> What should it say? `Just another little lambda'?

How about "Mary had a little lambda."

--
Michael D. Harnois, Redeemer Lutheran Church, Washburn, IA
mdharnois@home.com aa0bt@aa0bt.ampr.org
The deadliest bullshit is odorless and transparent. -- William Gibson

* Re: Making Gnus more worm-safe
From: Kai Großjohann @ 2000-05-06 21:10 UTC
Cc: ding

Michael Harnois <mdharnois@home.com> writes:

> How about "Mary had a little lambda."

Of course! Why didn't I see it? Well, I'm not a native speaker ;-)

kai
--
Beware of flying birch trees.

* Re: Making Gnus more worm-safe
From: Florian Weimer @ 2000-05-06 7:25 UTC

Felix Lee <flee@teleport.com> writes:

> Hrvoje Niksic <hniksic@iskon.hr>:
> > That's not true -- the code is displayed in an "*mm*" buffer.
>
> the trick then is to write elisp that looks innocuous and
> useful but contains a hidden threat. easier to fool people
> unfamiliar with elisp.

Currently, the end of the buffer is displayed. This portion of the
buffer doesn't even have to be in Lisp syntax, the harmful part is
executed if it's located at the beginning of the file. ;)

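The gap described in the message above (only the end of the buffer is shown, while evaluation starts at the first form) can be closed by listing every top-level object before asking. This is an added example, not part of the thread and not Gnus code; all `my-elisp-part-` names and the sample text are assumptions made for illustration, and refusing on bare top-level atoms is a heuristic chosen here.

```elisp
;; Added example, not code from Gnus or mailcap.el.
;; Every `my-elisp-part-' name is hypothetical.

(defun my-elisp-part-scan (text)
  "Parse TEXT with `read' only; nothing is evaluated.
Return a list of (LINE KIND HEAD) entries in file order, one per
top-level object.  KIND is `form' for a list (HEAD is its first
element), `atom' for a bare symbol, number or string (HEAD is the
atom), or `unreadable' where parsing stopped before the end."
  (with-temp-buffer
    (insert text)
    (goto-char (point-min))
    (with-syntax-table emacs-lisp-mode-syntax-table
      (let ((entries '())
            (done nil))
        (while (not done)
          ;; Skip whitespace and ;-comments so LINE is where the object starts.
          (forward-comment (point-max))
          (if (eobp)
              (setq done t)
            (let ((line (line-number-at-pos)))
              (condition-case nil
                  (let ((obj (read (current-buffer))))
                    (push (if (consp obj)
                              (list line 'form (car obj))
                            (list line 'atom obj))
                          entries))
                ;; Unbalanced parens or invalid syntax: nothing after this
                ;; point can be listed, so record it and stop.
                (error
                 (push (list line 'unreadable nil) entries)
                 (setq done t))))))
        (nreverse entries)))))

(defun my-elisp-part-summary (entries)
  "Return (TEXT . SUSPECT-COUNT) for ENTRIES from `my-elisp-part-scan'.
SUSPECT-COUNT is the number of entries that are not readable lists."
  (let ((suspect 0)
        (lines '()))
    (dolist (e entries)
      (let ((line (nth 0 e)) (kind (nth 1 e)) (head (nth 2 e)))
        (unless (eq kind 'form)
          (setq suspect (1+ suspect)))
        (push (cond
               ((eq kind 'form)
                (format "line %4d: (%.40S ...)" line head))
               ((eq kind 'atom)
                (format "line %4d: bare atom %.40S   <-- not a form" line head))
               (t
                (format "line %4d: unreadable from here on" line)))
              lines)))
    (cons (mapconcat #'identity (nreverse lines) "\n") suspect)))

(defun my-elisp-part-confirm-eval (text)
  "Show every top-level object of TEXT, then decide about evaluating it.
Refuse without asking when TEXT contains anything other than
readable lists (a heuristic: ordinary Lisp files do not have prose
or stray atoms at top level).  Otherwise ask, and evaluate only on
\"yes\".  Return non-nil only if TEXT was evaluated."
  (let* ((summary (my-elisp-part-summary (my-elisp-part-scan text)))
         (suspect (cdr summary)))
    ;; The review buffer covers the whole part from line 1, not the tail.
    (with-output-to-temp-buffer "*elisp part review*"
      (princ (car summary))
      (princ (format "\n\n%d object(s) that are not readable lists.\n"
                     suspect)))
    (cond
     ((> suspect 0)
      (message "Not evaluating: part is not plain Emacs Lisp")
      nil)
     ((yes-or-no-p "Evaluate all forms listed in *elisp part review*? ")
      (with-temp-buffer
        (insert text)
        (eval-buffer))
      t))))

;; Constructed sample: a form on line 1, then prose of the kind a tail-only
;; preview would show.  The `message' call stands in for the sender's code.
(defconst my-elisp-part-sample
  (concat "(message \"stand-in for the form that runs first\")\n"
          ";; ... enough padding to scroll line 1 out of view ...\n"
          "Evaluate this part to claim your bonus\n"))
```

Calling `(my-elisp-part-confirm-eval my-elisp-part-sample)` lists the `message` form on line 1 and flags each word of the prose line as a bare atom, so nothing is evaluated. A part that passes the scan can still contain code that looks innocuous, so the listing supports reading the code and does not replace it.
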
* Re: Making Gnus more worm-safe
From: Florian Weimer @ 2000-05-05 9:40 UTC

Hrvoje Niksic <hniksic@iskon.hr> writes:

> > If there aren't any objections, I'll remove it.
>
> Don't.

Hmm. Would you accept a warning which is more elaborate?

* Re: Making Gnus more worm-safe
From: Hrvoje Niksic @ 2000-05-05 10:14 UTC

Florian Weimer <fw@deneb.cygnus.argh.org> writes:

> Hrvoje Niksic <hniksic@iskon.hr> writes:
>
> > > If there aren't any objections, I'll remove it.
> >
> > Don't.
>
> Hmm. Would you accept a warning which is more elaborate?

Sure.

* Re: Making Gnus more worm-safe
From: Florian Weimer @ 2000-05-06 7:28 UTC

Hrvoje Niksic <hniksic@iskon.hr> writes:

> > Hmm. Would you accept a warning which is more elaborate?
>
> Sure.

Is this acceptable? (Obviously, I'm not a native speaker, and I would
be glad if someone could proofread it.)

*** WARNING ***

This MIME part contains untrusted and possibly harmful content.
If you evaluate the Emacs Lisp code contained in it, a lot of nasty
things can happen. Please examine the code very carefully before you
instruct Emacs to evaluate it. You can browse the buffer containing
the code using \[scroll-other-window].

If you are not sure what you shall do, please answer "no".

I'm going to add a similar warning to the unshar functions in
gnus-uu.el.

* Re: Making Gnus more worm-safe
From: Bud Rogers @ 2000-05-06 10:41 UTC

Florian Weimer <fw@deneb.cygnus.argh.org> writes:

> Is this acceptable? (Obviously, I'm not a native speaker, and I would
> be glad if someone could proofread it.)

Florian, your English is better than most native speakers I know.
Your warning is clear and concise.

> If you are not sure what you shall do, please answer "no".

I think this might flow a little better if you said "If you are not
sure what to do," or "If you are unsure what to do,"

Just MHO.

--
Bud Rogers <budr@sirinet.net>
http://www.sirinet.net/~budr/zamm.html

* Re: Making Gnus more worm-safe
From: Per Abrahamsen @ 2000-05-05 10:47 UTC

[-- Attachment #1: Type: text/plain, Size: 420 bytes --]

Florian Weimer <fw@deneb.cygnus.argh.org> writes:

> If there aren't any objections, I'll remove it.

I object on the following grounds:

1. Gnus already asks.

2. Gnus shows the code before executing it.

3. Compared to MS Outlook, there is a lot fewer Gnus users, and they
   are typically more experienced. This makes it hard for a
   virus/worm to propagate.

PS: Activate the attachment to win a billion dollar!

[-- Attachment #2: Type: application/emacs-lisp, Size: 256 bytes --]

* Re: Making Gnus more worm-safe
From: Laura Conrad @ 2000-05-05 14:11 UTC
Cc: ding

>>>>> "Per" == Per Abrahamsen <abraham@dina.kvl.dk> writes:

    Per> PS: Activate the attachment to win a billion dollar!

Thanks for the demonstration -- that makes what we're arguing about
much clearer.

--
Laura (mailto:lconrad@world.std.com , http://www.world.std.com/~lconrad/ )
(617) 661-8097 fax: (801) 365-6574
233 Broadway, Cambridge, MA 02139

* Re: Making Gnus more worm-safe
From: Laura Conrad @ 2000-05-05 20:49 UTC
Cc: ding

>>>>> "Per" == Per Abrahamsen <abraham@dina.kvl.dk> writes:

    Per> 1. Gnus already asks.

    Per> 2. Gnus shows the code before executing it.

    Per> 3. Compared to MS Outlook, there is a lot fewer Gnus users, and they
    Per> are typically more experienced. This makes it hard for a
    Per> virus/worm to propagate.

I agree with all of these points, but I don't think defaults should be
designed on the assumption that the gnus user population is going to
remain the same as it is now. I think one of the things we're working
towards is improving the interface and the documentation to make it
easier for more people (and therefore a different population of
people) to use gnus.

That being said, I don't think Windows would have the email virus
problem it does if the default thing that happened when users clicked
on a program attachment was that the source code to the program was
displayed in another window.

--
Laura (mailto:lconrad@world.std.com , http://www.world.std.com/~lconrad/ )
(617) 661-8097 fax: (801) 365-6574
233 Broadway, Cambridge, MA 02139

* Re: Making Gnus more worm-safe
From: Brian May @ 2000-05-08 0:15 UTC

>>>>> "Per" == Per Abrahamsen <abraham@dina.kvl.dk> writes:

    Per> I object on the following grounds:

I don't care either way, but I think another point is significant:

    Per> 1. Gnus already asks.

    Per> 2. Gnus shows the code before executing it.

    Per> 3. Compared to MS Outlook, there is a lot fewer Gnus users,
    Per> and they are typically more experienced. This makes it hard
    Per> for a virus/worm to propagate.

4. You typically expect a LISP file to contain executable code, but
normally wouldn't expect a *.DOC file to.

Not only that, but some people send genuine doc files (some include
unwanted features), and it is awkward for most end users to
reconfigure the computer to safely display the file.

Stupid! gs has had the -dSAFER option for how many years now?

I am under the impression that the software manufacturer in question
doesn't care about security issues like this, or it would have been
fixed by now.
--
Brian May <bmay@csse.monash.edu.au>

* Re: Making Gnus more worm-safe
From: Alan Shutko @ 2000-05-08 13:57 UTC

Brian May <bmay@csse.monash.edu.au> writes:

> Stupid! gs has had the -dSAFER option for how many years now?

Well, I think that Word actually has a working option to turn off
macros now, but what no (almost no?) windows mailers have is a way to
run programs differently from a mailer than from the desktop. Every
windows mailer I've seen just passes it off to ShellExecute (or
whatever that windows call is), completely ignoring mime type and
running it just as if it were a trusted file.

Windows users think this is actually a good idea.

> I am under the impression that the software manufacturer in question
> doesn't care about security issues like this, or it would have been
> fixed by now.

Well, duh!

--
Alan Shutko <ats@acm.org> - In a variety of flavors!
187 days, 1 hours, 38 minutes, 55 seconds till we run away.
Oppernockity tunes but once.

* Re: Making Gnus more worm-safe
From: Florian Weimer @ 2000-05-08 17:20 UTC

Brian May <bmay@csse.monash.edu.au> writes:

> Stupid! gs has had the -dSAFER option for how many years now?

And unshar(1) has been piping the archive to sh for how many years
now? ;)

Security options have been added to web2c TeX only recently, and most
*roff implementations are still insecure, I think.

* Re: Making Gnus more worm-safe
From: Soeren Laursen @ 2000-05-08 6:48 UTC

Per Abrahamsen <abraham@dina.kvl.dk> writes:

> Florian Weimer <fw@deneb.cygnus.argh.org> writes:
>
> > If there aren't any objections, I'll remove it.
>
> I object on the following grounds:
>
> 1. Gnus already asks.
>
> 2. Gnus shows the code before executing it.
>
> 3. Compared to MS Outlook, there is a lot fewer Gnus users, and they
>    are typically more experienced. This makes it hard for a
>    virus/worm to propagate.
>
> PS: Activate the attachment to win a billion dollar!

Damn, I nearly clicked it.

--
Søren Laursen
http://www.tele.auc.dk/~slau/

* Re: Making Gnus more worm-safe
From: Greg Stark @ 2000-12-04 4:21 UTC
Cc: ding

Per Abrahamsen <abraham@dina.kvl.dk> writes:

> Florian Weimer <fw@deneb.cygnus.argh.org> writes:
>
> > If there aren't any objections, I'll remove it.
>
> I object on the following grounds:
> 1. Gnus already asks.
> 2. Gnus shows the code before executing it.

Perhaps Gnus should use w3-elisp-safe-eval if it's available?

> PS: Activate the attachment to win a billion dollar!

--
greg

* Prefer text/x-emacs-lisp to application/x-emacs-lisp?
From: Raja R Harinath @ 2000-12-04 19:16 UTC

Hi,

Why doesn't Gnus use "text/x-emacs-lisp" by default when attaching .el
files?

I'm unclear about the distinction between application/foo and
text/foo. But, to me, code that is meant to be read (e.g., postings
on gnu.emacs.source, or the automatic attachment of user settings by
reportbug) should be "text/x-emacs-lisp". This way, the annoying
behaviour of Gnus while showing .el files will be avoided.

The current behaviour of Gnus is painful since it assumes any attached
emacs lisp code is executable, and it presents the file inconveniently
-- in a different buffer that hides the *Article* buffer, rather than
inline.

In other words, is it an useful distinction to have two attachment
types for Emacs Lisp:

  text/x-emacs-lisp
      Emacs Lisp code meant to be read, not immediately executed.
      Default behaviour is to show inline, preferably using
      emacs-lisp-mode. This type is used by 'gnus-bug', and as the
      default type for .el files.

  application/x-emacs-lisp
      Code intended to be executed. Default behaviour is to show
      "Worm" warning, show code in a different buffer, and if
      necessary, use a sandbox to execute code.

- Hari
--
Raja R Harinath ------------------------------ harinath@cs.umn.edu
"When all else fails, read the instructions." -- Cahn's Axiom
"Our policy is, when in doubt, do the right thing." -- Roy L Ash

* Re: Prefer text/x-emacs-lisp to application/x-emacs-lisp?
From: Per Abrahamsen @ 2000-12-05 11:28 UTC

It's an interesting question, which is relevant beyond Emacs Lisp.

Could you try asking the question in comp.mail.mime? The group seems
rather dead, but maybe some MIME gurus still read it.

* Re: Making Gnus more worm-safe
From: Toby Speight @ 2000-05-08 14:32 UTC

[-- Attachment #1: Type: text/plain, Size: 1107 bytes --]

Florian> Florian Weimer <URL:mailto:fw@deneb.cygnus.argh.org>

0> In article <87hfcdwnwi.fsf@deneb.cygnus.argh.org>, Florian wrote:

Florian> I'd suggest the following change to mailcap.el:
Florian>
Florian> - ("emacs-lisp" Florian> - (viewer . mailcap-maybe-eval) Florian> - (type . "application/emacs-lisp"))
Florian>
Florian> This feature is just too dangerous to be enabled by default.
Florian>
Florian> If there aren't any objections, I'll remove it.

Instead of `mailcap-maybe-eval', I use the following function to
display elisp parts highlighted with the usual font-locking:

.gnus> (defun mm-display-elisp-inline (handle)
.gnus>   (let (text)
.gnus>     (with-temp-buffer
.gnus>       (mm-insert-part handle)
.gnus>       (emacs-lisp-mode)
.gnus>       (font-lock-fontify-buffer)
.gnus>       (setq text (buffer-string)))
.gnus>     (mm-insert-inline handle text)))

Perhaps it's possible to do this without invoking (emacs-lisp-mode),
by `let'ing the appropriate font-lock variables instead. Could we
make this the default?

In fact, you might consider all of the following:

[-- Attachment #2: Viewers for elisp and diffs --]
[-- Type: text/x-emacs-lisp, Size: 1212 bytes --]

;; Display a patch part inline, fontified by diff-mode.
(defun mm-display-patch-inline (handle)
  (let (text)
    (with-temp-buffer
      (mm-insert-part handle)
      (diff-mode)
      (font-lock-fontify-buffer)
      (setq text (buffer-string)))
    (mm-insert-inline handle text)))

;; Display an Emacs Lisp part inline, fontified; nothing is evaluated.
(defun mm-display-elisp-inline (handle)
  (let (text)
    (with-temp-buffer
      (mm-insert-part handle)
      (emacs-lisp-mode)
      (font-lock-fontify-buffer)
      (setq text (buffer-string)))
    (mm-insert-inline handle text)))

;; Register DISPLAYER for TYPE and optionally add TYPE to the
;; auto-display, inlined and attachment-override lists.
(defun mm-add-new-type (type displayer test
                        auto-display inlined attachment-override)
  (push (list type displayer test) mm-inline-media-tests)
  (if auto-display
      (push type mm-automatic-display))
  (if inlined
      (push type mm-inlined-types))
  (if attachment-override
      (push type mm-attachment-override-types)))

;; Install the inline viewers once mm-decode is loaded.
(eval-after-load "mm-decode"
  '(progn
     (mm-add-new-type "text/x-patch" 'mm-display-patch-inline
                      '(fboundp 'diff-mode) t t t)
     (mm-add-new-type "application/x-patch" 'mm-display-patch-inline
                      '(fboundp 'diff-mode) t t t)
     (mm-add-new-type "text/x-emacs-lisp" 'mm-display-elisp-inline
                      'identity t t t)
     (mm-add-new-type "application/emacs-lisp" 'mm-display-elisp-inline
                      'identity t t t)))
