Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
bloopernova
7 months ago
|
parent
|
context
|
favorite
| on:
Arbitrary shell command evaluation in Org Mode (GN...
The vulnerability is that Emacs evaluates this automatically:
#+LINK: shell %(shell-command-to-string) [[shell:touch ~/hacked.txt]]
wiredfool
7 months ago
[–]
Is that only if the file has a specific extension? I'm not seeing it with a .txt extension.
accoil
7 months ago
|
parent
[–]
You need to have OrgMode active, which is usually not enabled for .txt. Try .org as the extension, or run `M-x org-mode` after opening the file.
Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
#+LINK: shell %(shell-command-to-string) [[shell:touch ~/hacked.txt]]