From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Max Nikulin <manikulin@gmail.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#66390: `man' allows to inject arbitrary shell code
Date: Sat, 7 Oct 2023 21:12:54 +0700
Message-ID: <585dcaf0-358e-4a9d-84d1-6fd9c2c8aec5@gmail.com>
References: <f17b9b73-8927-446a-9e54-459aad3b7bee@gmail.com>
 <83wmvyzir2.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="29181"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Mozilla Thunderbird
Cc: 66390@debbugs.gnu.org
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sat Oct 07 16:14:13 2023
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1qp84L-0007O6-4V
	for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 07 Oct 2023 16:14:13 +0200
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces@gnu.org>)
	id 1qp83t-0007pt-Do; Sat, 07 Oct 2023 10:13:45 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1qp83r-0007pi-50
 for bug-gnu-emacs@gnu.org; Sat, 07 Oct 2023 10:13:43 -0400
Original-Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1qp83q-0007s5-Sh
 for bug-gnu-emacs@gnu.org; Sat, 07 Oct 2023 10:13:42 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1qp84A-00020r-1Y
 for bug-gnu-emacs@gnu.org; Sat, 07 Oct 2023 10:14:02 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Max Nikulin <manikulin@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Sat, 07 Oct 2023 14:14:02 +0000
Resent-Message-ID: <handler.66390.B66390.16966880037676@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 66390
X-GNU-PR-Package: emacs
Original-Received: via spool by 66390-submit@debbugs.gnu.org id=B66390.16966880037676
 (code B ref 66390); Sat, 07 Oct 2023 14:14:02 +0000
Original-Received: (at 66390) by debbugs.gnu.org; 7 Oct 2023 14:13:23 +0000
Original-Received: from localhost ([127.0.0.1]:55577 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1qp83X-0001zj-Hl
 for submit@debbugs.gnu.org; Sat, 07 Oct 2023 10:13:23 -0400
Original-Received: from mail-lf1-x133.google.com ([2a00:1450:4864:20::133]:56487)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <manikulin@gmail.com>) id 1qp83V-0001zT-Lu
 for 66390@debbugs.gnu.org; Sat, 07 Oct 2023 10:13:22 -0400
Original-Received: by mail-lf1-x133.google.com with SMTP id
 2adb3069b0e04-5041335fb9cso3950587e87.0
 for <66390@debbugs.gnu.org>; Sat, 07 Oct 2023 07:13:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1696687976; x=1697292776; darn=debbugs.gnu.org;
 h=content-transfer-encoding:in-reply-to:from:references:cc:to
 :content-language:subject:user-agent:mime-version:date:message-id
 :sender:from:to:cc:subject:date:message-id:reply-to;
 bh=GIv+SKdFh8qOIySPg4fktCQD5N310AT3D9MZg4HW+ZU=;
 b=WWnPuekfQ84dsdLxucwNoJlET2XzF+GdxkgyCrP7Tq/Mcg41qMT7+trzNyt2djqrRK
 8/8IkJcBpzzkirsFoTC2cD7qY9DikzDGy7HRHpfYfvB/l82JvYfv9TSiTntscsN80hrh
 wfDX1QVe32ICEwAE4pjn+PMZTD8uK84Surqe/UpCtyqWFbt14ICSuKGs2IdUmAs81YBR
 3ePI76y5zyQhhFLs5LhRblvMsd31ttSqeq8o8gN6kjpBQiqIqP+XqFMYrfpxAaPRe1aA
 xQipvykgE9tTv/clazyDT9XfxSBUHk4Uos25VVTQdFO+8P9G9GG4MNUqglH0/fCR5OTi
 z4eQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1696687976; x=1697292776;
 h=content-transfer-encoding:in-reply-to:from:references:cc:to
 :content-language:subject:user-agent:mime-version:date:message-id
 :sender:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=GIv+SKdFh8qOIySPg4fktCQD5N310AT3D9MZg4HW+ZU=;
 b=rJQVk9ozznm3GDOmmdtnX9aZ08zGPKJNsznbPadc1rTghgAsSa9N9KXCeYc37W94qh
 B+K+IuOd1bxgeB2ssUc9yPk2s9WxMkczaY2akXW7+/VrbEaR0Ni5n6b513wtbx9a3twX
 Z9Qx+QfNgPCMJrXiKakknAMOdLec847fpOsmjpvwECBcLBQsv4iit3aAQET/dCiA731t
 P/azTJ8NoMH3QeHj9bTHamHJ6oDwnGsZLTSrFXyKhYlGdC59Vx5fZGxj+DT4xlbQZum9
 BcOuXwORPPzf9IiLbVONOrdK7VL3mflxEss4tnNsrsbl/5NZKs5K+Yx72fehSIchWB9v
 JeWQ==
X-Gm-Message-State: AOJu0Yy5QXV5hWjdVVLyj1+NYEFLSY/8lzcj3cvDjufM8LhDTNfa8UJB
 pm1COW27EQwRV1Q6BU/Yswc=
X-Google-Smtp-Source: AGHT+IFQBI+HaC6Sttg83Ju6nAXGG8Ew7spwhVv9jcHKx45muVepW8YksJvreqbk4BCCEorfrygslA==
X-Received: by 2002:a05:6512:318a:b0:506:8d2a:5653 with SMTP id
 i10-20020a056512318a00b005068d2a5653mr3351926lfe.47.1696687975984; 
 Sat, 07 Oct 2023 07:12:55 -0700 (PDT)
Original-Received: from [192.168.0.101] (nat-0-0.nsk.sibset.net. [5.44.169.188])
 by smtp.googlemail.com with ESMTPSA id
 c28-20020ac2531c000000b00504230b7ae9sm701067lfh.148.2023.10.07.07.12.55
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Sat, 07 Oct 2023 07:12:55 -0700 (PDT)
Content-Language: en-US, ru-RU
In-Reply-To: <83wmvyzir2.fsf@gnu.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.bugs:272002
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/272002>

On 07/10/2023 20:04, Eli Zaretskii wrote:
>> From: Maxim Nikulin
>> Date: Sat, 7 Oct 2023 19:47:04 +0700
> 
>> man.el should prevent substitution of shell specials literally from
>> `man' arguments into shell commands.
> 
> I think callers of 'man' should prevent that instead.

If it is fixed in man.el then it is fixed for all callers. Otherwise 
every caller must have notion of structure of references to man pages 
instead of just treating them as opaque sequence of characters.