From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Robert Pluim <rpluim@gmail.com>
Newsgroups: gmane.emacs.devel
Subject: Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in
 emacsclient-mail.desktop
Date: Thu, 09 Mar 2023 11:50:43 +0100
Message-ID: <87edpynqpo.fsf@gmail.com>
References: <167821009581.14664.5608674978571454819@vcs2.savannah.gnu.org>
 <20230307172816.2D56BC13915@vcs2.savannah.gnu.org>
 <877cvsozn5.fsf@yahoo.com> <umt4ornv3@gentoo.org>
 <87zg8onfob.fsf@yahoo.com> <ucz5jsogr@gentoo.org>
 <87r0tzoeam.fsf@yahoo.com> <u1qlzskwb@gentoo.org>
 <87a60no7su.fsf@yahoo.com> <usfefr0gr@gentoo.org>
 <87edpzplom.fsf@gmail.com> <ulek7qz45@gentoo.org>
 <uedpzqy5y@gentoo.org> <87a60npirc.fsf@gmail.com>
 <83mt4n49az.fsf@gnu.org>
 <a93bb479-13b7-b637-2b70-49a4802d080e@gmail.com>
 <87wn3rnos1.fsf@gmail.com>
 <560b874e-f67e-0b45-d489-8a45c4d8312d@gmail.com>
 <87sfeenuft.fsf@gmail.com> <878rg6jkby.fsf@yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="38610"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: Jim Porter <jporterbugs@gmail.com>,  Eli Zaretskii <eliz@gnu.org>,
 ulm@gentoo.org,  emacs-devel@gnu.org
To: Po Lu <luangruo@yahoo.com>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu Mar 09 11:51:51 2023
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1paDsE-0009p5-Hm
	for ged-emacs-devel@m.gmane-mx.org; Thu, 09 Mar 2023 11:51:50 +0100
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces@gnu.org>)
	id 1paDrM-0001bU-2v; Thu, 09 Mar 2023 05:50:56 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <rpluim@gmail.com>) id 1paDrK-0001bK-2j
 for emacs-devel@gnu.org; Thu, 09 Mar 2023 05:50:54 -0500
Original-Received: from mail-wm1-x331.google.com ([2a00:1450:4864:20::331])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <rpluim@gmail.com>)
 id 1paDrH-0002Vv-Vy; Thu, 09 Mar 2023 05:50:53 -0500
Original-Received: by mail-wm1-x331.google.com with SMTP id
 fm20-20020a05600c0c1400b003ead37e6588so3246951wmb.5; 
 Thu, 09 Mar 2023 02:50:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20210112; t=1678359045;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=HsFC5ytq1pce3GMmDk2S7eiZUrEkjj9G0QcFe9AJuhw=;
 b=ISyqjo8FAO1lxtDsbhjG1t4uiEmJEZziv8eHgJZBK1VjIiud6pjJgcs9W6iUoXWMGM
 XO322qBqYVMiki37wP/rFmNhFIOlSkkb2a80wVIv3bEGFAFiIUe7k/0XerUrXDO1PwCZ
 WcB2UMuMSj80rLlGxJKyTgJSx7VxzoZfDpBY3GCR3i/Ybfqd4GC0SVAbeA+d63Q3gz+K
 XuLr8w21tOUaXDBnMJ9U6J8cX3MpUOO7V8USCGM94mdYEfyx7SL9AgII3ZzsvHEOeErV
 8RG2T5BwgmDSBUu5AUhHDFiHtTQ6C0CSuZ0+t3A0Cu8065RzUdCm0HCzyDnK/IhbF3zp
 MMqQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112; t=1678359045;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=HsFC5ytq1pce3GMmDk2S7eiZUrEkjj9G0QcFe9AJuhw=;
 b=saYcC0ZvrhNpX8QfiB9e1/64aAa72dEcxMHsh6YzJYhLs2GkiYs6cZ9PQqG4KHWCCw
 VjRRHgCG5bvWc6R1SY7RW1dtvBSZZdna9G+AL/4ELLun/IbOmaXAd0qgXZi6hMQmDg0H
 PRyDydKzO55z67iVvl2UhwDFBXpbxS5FG91Gl7PCHzxquUudxjO9Rr3XZfGFLvhhtV45
 jfHFOtoa7nWTRnsfLcOC/PcjUbXQuwzIeMV1C6JZQ4q/tePcp+vTtBSIpZAYC6eeyAdA
 TU/giqAiWUgrMyDei5XC9IXstlX/rm9DMZY/TbxAvywc/IbQ+v3CL7AIYwdjmH0590Ey
 5EHQ==
X-Gm-Message-State: AO0yUKUMhEZLEA3iv3o+zlK0pvIDF86RrUR0NOIULx0ZZ6kuGI7pOMOq
 IE/qwKQd125WtKbgwmq80vIbD7qAYnc=
X-Google-Smtp-Source: AK7set+9dkZH7myi7hcfvbQT1SNK/zorfYtEPErLjnKjuq9Gkz+2oKG54gUlc7/7zC5W/bnHwaBjDw==
X-Received: by 2002:a05:600c:4ece:b0:3df:eecc:de2b with SMTP id
 g14-20020a05600c4ece00b003dfeeccde2bmr18762124wmq.11.1678359045051; 
 Thu, 09 Mar 2023 02:50:45 -0800 (PST)
Original-Received: from rltb ([82.66.8.55]) by smtp.gmail.com with ESMTPSA id
 d7-20020a05600c3ac700b003e0015c8618sm2219412wms.6.2023.03.09.02.50.44
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 09 Mar 2023 02:50:44 -0800 (PST)
In-Reply-To: <878rg6jkby.fsf@yahoo.com> (Po Lu's message of "Thu, 09 Mar 2023
 18:22:09 +0800")
Received-SPF: pass client-ip=2a00:1450:4864:20::331;
 envelope-from=rpluim@gmail.com; helo=mail-wm1-x331.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.devel:304183
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/304183>

>>>>> On Thu, 09 Mar 2023 18:22:09 +0800, Po Lu <luangruo@yahoo.com> said:

    Po> I'm not quite familiar with emacsclient, but can't we have emacscli=
ent
    Po> run Lisp from stdin?  That sounds much more flexible.

That=CA=BCs already supported, just run 'emacsclient --eval' and it will
read from stdin.

Robert
--=20