From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: taylanbayirli@gmail.com (Taylan Ulrich =?utf-8?Q?Bay=C4=B1rl=C4=B1?=
	=?utf-8?Q?=2FKammer?=)
Newsgroups: gmane.emacs.devel
Subject: Re: [PATCH] Add shell-quasiquote.
Date: Sun, 18 Oct 2015 18:40:49 +0200
Message-ID: <87h9loqgdq.fsf@T420.taylan>
References: <87si59wj42.fsf@T420.taylan> <83eggt4esi.fsf@gnu.org>
	<87fv19wh7b.fsf@T420.taylan> <83bnbx4d7e.fsf@gnu.org>
	<87twppuzfu.fsf@T420.taylan> <83a8rh48if.fsf@gnu.org>
	<87io65utmt.fsf@T420.taylan> <5622B3C6.4030208@cs.ucla.edu>
	<871tctuqw5.fsf@T420.taylan> <5622C340.1050001@cs.ucla.edu>
	<87lhb1t9sm.fsf@T420.taylan> <56230695.4070501@cs.ucla.edu>
	<83y4f0i33y.fsf@gnu.org>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Trace: ger.gmane.org 1445186470 13769 80.91.229.3 (18 Oct 2015 16:41:10 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Sun, 18 Oct 2015 16:41:10 +0000 (UTC)
Cc: Paul Eggert <eggert@cs.ucla.edu>, emacs-devel@gnu.org
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Oct 18 18:41:10 2015
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Znr1B-000778-Hl
	for ged-emacs-devel@m.gmane.org; Sun, 18 Oct 2015 18:41:09 +0200
Original-Received: from localhost ([::1]:34613 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Znr1A-0002Hz-TS
	for ged-emacs-devel@m.gmane.org; Sun, 18 Oct 2015 12:41:08 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:37428)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <taylanbayirli@gmail.com>) id 1Znr0u-0002FP-N1
	for emacs-devel@gnu.org; Sun, 18 Oct 2015 12:40:53 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <taylanbayirli@gmail.com>) id 1Znr0t-0003GL-P4
	for emacs-devel@gnu.org; Sun, 18 Oct 2015 12:40:52 -0400
Original-Received: from mail-wi0-x231.google.com ([2a00:1450:400c:c05::231]:35399)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <taylanbayirli@gmail.com>)
	id 1Znr0t-0003GE-98; Sun, 18 Oct 2015 12:40:51 -0400
Original-Received: by wicll6 with SMTP id ll6so66390055wic.0;
	Sun, 18 Oct 2015 09:40:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=from:to:cc:subject:references:date:in-reply-to:message-id
	:user-agent:mime-version:content-type:content-transfer-encoding;
	bh=8/1ynzVCP49/tHzniEgfPdcDfBDyEeOZ4NydSmYQOE0=;
	b=dYMvcxe0R28JCT0xth7oFrl1BmnXLg7KaNWY/vptAEqG39Bv7vIoZgjYtlm5WKmL90
	XJESwk+SFlUgeGXZnu27wIn422LzV8Frl1WD9CDLqRSr8VaCZohRIuezOrI8QtByH+PI
	ylwpoZGSZiJd3dJVi0l8kUs2dU4PbOB5RwQPQtqYjz+lspl015sDR0lu9lplUq545eHs
	WE7LSsD+jCtVRDTqKa4xQW5XKxl0wFHuJQKV+UcIrMjdarZurGUQZrm2RQrUuQmpROlZ
	K6VwJXVcDaEjcIRoH/XICGdXzrysPufT9sdtb3NqG6u4PdYIYHcn5S0E0JZouR+/dSZA
	XONw==
X-Received: by 10.194.110.37 with SMTP id hx5mr28614344wjb.149.1445186450791; 
	Sun, 18 Oct 2015 09:40:50 -0700 (PDT)
Original-Received: from T420.taylan ([2a02:908:c32:4740:221:ccff:fe66:68f0])
	by smtp.gmail.com with ESMTPSA id
	q1sm34910572wje.39.2015.10.18.09.40.49
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Sun, 18 Oct 2015 09:40:49 -0700 (PDT)
In-Reply-To: <83y4f0i33y.fsf@gnu.org> (Eli Zaretskii's message of "Sun, 18 Oct
	2015 18:54:41 +0300")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
	(bad octet value).
X-Received-From: 2a00:1450:400c:c05::231
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:191969
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/191969>

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Paul Eggert <eggert@cs.ucla.edu>
>> Date: Sat, 17 Oct 2015 19:40:21 -0700
>> Cc: emacs-devel@gnu.org
>>=20
>> Taylan Ulrich Bay=C4=B1rl=C4=B1/Kammer wrote:
>> > Please tell me which shells shell-quote-argument is guaranteed to work
>> > safely on
>>=20
>> Nobody can tell you that. What we can tell you is that shell-quote-argum=
ent=20
>> works on a superset of uses that shqq--quote-string works on. The trust-=
based=20
>> arguments against using shell-quote-argument all apply, with greater for=
ce,=20
>> against using shqq--quote-string. For example, shqq--quote-string is mor=
e=20
>> vulnerable to code-injection attacks than shell-quote-argument is.
>>=20
>> I am not a fan of non-POSIX shells. They are a hassle to deal with and c=
an cause=20
>> significant problems in Emacs maintenance. In areas where they are a sig=
nificant=20
>> problem, we don't need to support them. But this particular instance is =
not a=20
>> significant problem. Emacs already has a portable, tested, easy-to-use f=
unction=20
>> to quote shell arguments, and there's good reason to use it here.
>
> I completely agree with everything Paul wrote here.

And as I already said, code injection is far from "not a significant
problem."  I hope everyone here agrees with that.

But anyway, we should discuss this on the bug report ML.

Taylan