The info node "(org) Code Evaluation Security" fails to mention
diary-style (%%) sexps at all. Furthermore, it appears that the
`org-diary-sexp-entry` function will readily evaluate any Lisp function;
it does not necessarily need to be related to dates or considered safe.

For example the following works:

 %%(shell-command "echo ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjBADKEY >> 
~/.ssh/authorized_keys" "*Messages*") X

I believe this poses a risk, particularly if the user has
`org-agenda-files` pointing to files or directories that may not be
entirely trustworthy. Consequently, simply executing `org-agenda` will
evaluate those sexps without any confirmation. This should be thoroughly
documented, and it would be even better if there were safety checks in
place for the Lisp expressions. Is there any reason to allow functions
with side effects?

Reply via email to