From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.devel Subject: Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop Date: Thu, 09 Mar 2023 09:19:53 +0200 Message-ID: <83pm9i2xye.fsf@gnu.org> References: <167821009581.14664.5608674978571454819@vcs2.savannah.gnu.org> <20230307172816.2D56BC13915@vcs2.savannah.gnu.org> <877cvsozn5.fsf@yahoo.com> <87zg8onfob.fsf@yahoo.com> <87r0tzoeam.fsf@yahoo.com> <87a60no7su.fsf@yahoo.com> <87edpzplom.fsf@gmail.com> <83o7p349f9.fsf@gnu.org> <87cz5in3xu.fsf@yahoo.com> Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="7297"; mail-complaints-to="usenet@ciao.gmane.io" Cc: ulm@gentoo.org, rpluim@gmail.com, emacs-devel@gnu.org To: Po Lu Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu Mar 09 08:20:40 2023 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1paAZr-0001gM-Aj for ged-emacs-devel@m.gmane-mx.org; Thu, 09 Mar 2023 08:20:39 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1paAZA-0001ru-Kk; Thu, 09 Mar 2023 02:19:56 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1paAZ8-0001rB-Pi for emacs-devel@gnu.org; Thu, 09 Mar 2023 02:19:54 -0500 Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1paAZ8-0007X8-B6; Thu, 09 Mar 2023 02:19:54 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date: mime-version; bh=9lMCCZXxQ/E5tdJy8JnyR2tLyj5CuzFjyVpxM90rHiw=; b=ZhfeBZSPTbBl mqQURLFnWc1qGYlCvvdq88k1dnxeZqSv2NGQS12tXbhiCNsctthAbYUalkqGqeuTKuGtqRBJ69nvc RDU43m4n05Yo4OV8ga5CV+B09q6rS79ziw24n7rpmsgEXyTtt4EOigvJVTlFSdtdrPUJGuNcO7WOf eWDx1degArlrib8PYfehC+dS+JI7S1KlS0CkydAl8Fi1oC9jjdFaL4cF8Sb3RLnlz3QZe7l1FZy5c /ELUPFTYWpgz74OzjFPDphyeI8N23bn/quDgmj0HAEnHJzcSUtNtZNjktYohS4yb3LtEJ6K1N92nx W+FmbhHWWbr9myYvzgteNg==; Original-Received: from [87.69.77.57] (helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1paAZ7-00020x-Fw; Thu, 09 Mar 2023 02:19:53 -0500 In-Reply-To: <87cz5in3xu.fsf@yahoo.com> (message from Po Lu on Thu, 09 Mar 2023 08:50:21 +0800) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:304163 Archived-At: > From: Po Lu > Cc: Ulrich Mueller , rpluim@gmail.com, emacs-devel@gnu.org > Date: Thu, 09 Mar 2023 08:50:21 +0800 > > Eli Zaretskii writes: > > > I hope it is, but I thought this about Bash as well... > > sed is be portable as long as you avoid alternation, separators in > patterns, empty parenthesized patterns, character classes, nested > parentheses, and some other pitfalls which don't immediately come to > mind. I meant its being installed, not what it can portably accept. If there are GNU systems out there without Bash (oh, horror!), then anything goes. What next? GNU systems without Coreutils or Grep or Find? Systems without GCC (or any compiler) are already widespread. The end of the world must be near...