From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#66390: `man' allows to inject arbitrary shell code
Date: Sat, 07 Oct 2023 18:58:12 +0300
Message-ID: <83o7hazap7.fsf@gnu.org>
References: <f17b9b73-8927-446a-9e54-459aad3b7bee@gmail.com>
 <83wmvyzir2.fsf@gnu.org>
 <585dcaf0-358e-4a9d-84d1-6fd9c2c8aec5@gmail.com>
 <83v8bizf9r.fsf@gnu.org>
 <1865abb8-16cd-4570-9a8a-87cf9430583d@gmail.com> <875y3iigua.fsf@gmx.de>
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="40821"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: manikulin@gmail.com, 66390@debbugs.gnu.org
To: Michael Albinus <michael.albinus@gmx.de>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sat Oct 07 17:59:13 2023
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1qp9hx-000AMu-8g
	for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 07 Oct 2023 17:59:13 +0200
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces@gnu.org>)
	id 1qp9ha-0007tm-HH; Sat, 07 Oct 2023 11:58:50 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1qp9hU-0007sp-3z
 for bug-gnu-emacs@gnu.org; Sat, 07 Oct 2023 11:58:44 -0400
Original-Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1qp9hT-00010e-NW
 for bug-gnu-emacs@gnu.org; Sat, 07 Oct 2023 11:58:43 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1qp9hn-0002Ra-5c
 for bug-gnu-emacs@gnu.org; Sat, 07 Oct 2023 11:59:03 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Eli Zaretskii <eliz@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Sat, 07 Oct 2023 15:59:03 +0000
Resent-Message-ID: <handler.66390.B66390.16966943069310@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 66390
X-GNU-PR-Package: emacs
Original-Received: via spool by 66390-submit@debbugs.gnu.org id=B66390.16966943069310
 (code B ref 66390); Sat, 07 Oct 2023 15:59:03 +0000
Original-Received: (at 66390) by debbugs.gnu.org; 7 Oct 2023 15:58:26 +0000
Original-Received: from localhost ([127.0.0.1]:55721 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1qp9hC-0002Q6-BV
 for submit@debbugs.gnu.org; Sat, 07 Oct 2023 11:58:26 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:40664)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@gnu.org>) id 1qp9hA-0002Pt-Ot
 for 66390@debbugs.gnu.org; Sat, 07 Oct 2023 11:58:25 -0400
Original-Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@gnu.org>)
 id 1qp9gl-0000th-QV; Sat, 07 Oct 2023 11:57:59 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date:
 mime-version; bh=0ZSADVPzyKmzFAsiy4hBl6q37m048vl4rGqqqdBFjYU=; b=jfAyUWMeLkOm
 2H3WQkUiFNISDYuCGX0Muop7P8lqOKFeXlezyerhIK7BsL5Qfr8UMQRHPod9VUVrbTFM/MyK9oPTH
 Hz8OOvI5KukwkJSaCni+CaKQm1pzKkckSOVNjCAjX3d+JUT1MhEZ6fdUjuMEtQbtLKcEUq6oZEjyC
 ZjjXfGWfq0gN46cDfZmwGe29lzNijmWfB9Ev8CenzN6XiarvGvkxggs6i2GNvUsmd9T14yNyER/Ax
 y6nT26QsAgiWzA2yacIPFltAEvsTgz0JEhE58mcEstJSc8x2PJroRAxflvV4jLEZXT2EN+JtdiT5c
 et9bSYvnoMA2wX/BzpkUiQ==;
In-Reply-To: <875y3iigua.fsf@gmx.de> (message from Michael Albinus on Sat, 07
 Oct 2023 17:37:33 +0200)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.bugs:272021
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/272021>

> From: Michael Albinus <michael.albinus@gmx.de>
> Cc: Eli Zaretskii <eliz@gnu.org>,  66390@debbugs.gnu.org
> Date: Sat, 07 Oct 2023 17:37:33 +0200
> 
> The function `Man-translate-references' tries to do it. For example, it
> translates the argument "cat(1)" into "1 cat", which doesn't pose a
> problem. The function should check stronger, and it should reject
> arguments like "File:\\:UserDirs(3pm)".

Based on what would we reject such arguments?

And what kind of shell would we assume when rejecting that?

Once again, interactive invocations should let the user type whatever
she wants, and if that fails in strange ways, it's on the user, not on
us.