From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Newsgroups: gmane.emacs.devel Subject: Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop Date: Thu, 9 Mar 2023 09:20:51 +0100 Message-ID: References: <87r0tzoeam.fsf@yahoo.com> <87a60no7su.fsf@yahoo.com> <87edpzplom.fsf@gmail.com> <83o7p349f9.fsf@gnu.org> <87cz5in3xu.fsf@yahoo.com> <83pm9i2xye.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="3J3mky7+ClJFM+XB" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="30362"; mail-complaints-to="usenet@ciao.gmane.io" To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu Mar 09 09:21:26 2023 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1paBWf-0007h3-Oo for ged-emacs-devel@m.gmane-mx.org; Thu, 09 Mar 2023 09:21:25 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1paBWE-0003uO-Bp; Thu, 09 Mar 2023 03:20:58 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1paBWC-0003uE-TD for emacs-devel@gnu.org; Thu, 09 Mar 2023 03:20:56 -0500 Original-Received: from mail.tuxteam.de ([5.199.139.25]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1paBWA-0000yl-UO for emacs-devel@gnu.org; Thu, 09 Mar 2023 03:20:56 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tuxteam.de; s=mail; h=From:In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:To:Date:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=hEtu9DpglIZX/AizfYPUQlc05u4WbB75gB/ywoYALfc=; b=dWQ1H/7Drya048oioBv1dPX2S3 OBbmYCB6Yw6dwi29bIxfm2uDdfiJV5IVQ4uzYESigiYLiMlwrRtzy7FMX885Cly83w8dtw0E0kJIN OdsMJwFKQNzcYQtU0Tt2fUX9o7JIVoph9ZAK1Cfz1Th98NNufClwne/dVPREc8EOOj4vAKXFcyfiz kCC+fS3OWdspsj94n8QNARNm256NKixesGzKEIOYK/TjQBYITAhfChtgN5VO0VCifhjlaZVSW/G7D Nj1Vfbx5qyIUOf23i7ur4H0ZyC9q5QCCqoVXQtlPOMBxvPTfRbPnOAHpgcKhmBzauf1LLRxzrsLrb IkJBtopg==; Original-Received: from tomas by mail.tuxteam.de with local (Exim 4.94.2) (envelope-from ) id 1paBW7-0002gj-LD for emacs-devel@gnu.org; Thu, 09 Mar 2023 09:20:51 +0100 Content-Disposition: inline In-Reply-To: <83pm9i2xye.fsf@gnu.org> Received-SPF: pass client-ip=5.199.139.25; envelope-from=tomas@tuxteam.de; helo=mail.tuxteam.de X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:304170 Archived-At: --3J3mky7+ClJFM+XB Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Mar 09, 2023 at 09:19:53AM +0200, Eli Zaretskii wrote: > > From: Po Lu > > Cc: Ulrich Mueller , rpluim@gmail.com, emacs-devel@gn= u.org > > Date: Thu, 09 Mar 2023 08:50:21 +0800 > >=20 > > Eli Zaretskii writes: > >=20 > > > I hope it is, but I thought this about Bash as well... > >=20 > > sed is be portable as long as you avoid alternation, separators in > > patterns, empty parenthesized patterns, character classes, nested > > parentheses, and some other pitfalls which don't immediately come to > > mind. >=20 > I meant its being installed, not what it can portably accept. If > there are GNU systems out there without Bash (oh, horror!), then > anything goes. >=20 > What next? GNU systems without Coreutils or Grep or Find? Systems > without GCC (or any compiler) are already widespread. The end of the > world must be near... POSIX is a pretty respectable baseline one might want to target. And guess what? Bash isn't the only POSIX shell. Now a project like Emacs could just say "what do I care about POSIX?". But that would be, IMHO, a disservice to free software. Cheers --=20 t --3J3mky7+ClJFM+XB Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABECAB0WIQRp53liolZD6iXhAoIFyCz1etHaRgUCZAmW3QAKCRAFyCz1etHa RhdIAJ0SX6L15Z9DwE0Kkl+sueZX2OYegwCeO9RxcR3XKxkvO2Oe0zqYvMCKigM= =v+SM -----END PGP SIGNATURE----- --3J3mky7+ClJFM+XB--