org: Code evaluation security
15.4 Code evaluation and security issues
========================================
Org provides tools to work with the code snippets, including evaluating
them.
Running code on your machine always comes with a security risk.
Badly written or malicious code can be executed on purpose or by
accident. Org has default settings which will only evaluate such code
if you give explicit permission to do so, and as a casual user of these
features you should leave these precautions intact.
For people who regularly work with such code, the confirmation
prompts can become annoying, and you might want to turn them off. This
can be done, but you must be aware of the risks that are involved.
Code evaluation can happen under the following circumstances:
Source code blocks
Source code blocks can be evaluated during export, or when pressing
‘C-c C-c’ in the block. The most important thing to realize here
is that Org mode files which contain code snippets are, in a
certain sense, like executable files. So you should accept them
and load them into Emacs only from trusted sources—just like you
would do with a program you install on your computer.
Make sure you know what you are doing before customizing the
variables which take off the default security brakes.
-- User Option: org-confirm-babel-evaluate
When t (the default), the user is asked before every code
block evaluation. When ‘nil’, the user is not asked. When
set to a function, it is called with two arguments (language
and body of the code block) and should return t to ask and
‘nil’ not to ask.
For example, here is how to execute "ditaa" code (which is
considered safe) without asking:
(defun my-org-confirm-babel-evaluate (lang body)
(not (string= lang "ditaa"))) ; don't ask for ditaa
(setq org-confirm-babel-evaluate 'my-org-confirm-babel-evaluate)
Following ‘shell’ and ‘elisp’ links
Org has two link types that can directly evaluate code (
External links). These links can be problematic because the code
to be evaluated is not visible.
-- User Option: org-confirm-shell-link-function
Function to queries user about shell link execution.
-- User Option: org-confirm-elisp-link-function
Functions to query user for Emacs Lisp link execution.
Formulas in tables
Formulas in tables (The spreadsheet) are code that is
evaluated either by the calc interpreter, or by the Emacs Lisp
interpreter.