From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Ulrich Mueller <ulm@gentoo.org>
Newsgroups: gmane.emacs.devel
Subject: Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in
 emacsclient-mail.desktop
Date: Wed, 08 Mar 2023 03:14:08 +0100
Message-ID: <umt4ornv3@gentoo.org>
References: <167821009581.14664.5608674978571454819@vcs2.savannah.gnu.org>
 <20230307172816.2D56BC13915@vcs2.savannah.gnu.org>
 <877cvsozn5.fsf@yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="3172"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.3 (gnu/linux)
Cc: emacs-devel@gnu.org
To: Po Lu <luangruo@yahoo.com>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Wed Mar 08 03:15:19 2023
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1pZjKp-0000fn-8u
	for ged-emacs-devel@m.gmane-mx.org; Wed, 08 Mar 2023 03:15:19 +0100
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces@gnu.org>)
	id 1pZjJu-0006E3-FI; Tue, 07 Mar 2023 21:14:22 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ulm@gentoo.org>) id 1pZjJn-0006Di-K1
 for emacs-devel@gnu.org; Tue, 07 Mar 2023 21:14:16 -0500
Original-Received: from woodpecker.gentoo.org ([140.211.166.183] helo=smtp.gentoo.org)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256)
 (Exim 4.90_1) (envelope-from <ulm@gentoo.org>) id 1pZjJl-0007qZ-PH
 for emacs-devel@gnu.org; Tue, 07 Mar 2023 21:14:15 -0500
In-Reply-To: <877cvsozn5.fsf@yahoo.com> (Po Lu's message of "Wed, 08 Mar 2023
 08:27:58 +0800")
Received-SPF: pass client-ip=140.211.166.183; envelope-from=ulm@gentoo.org;
 helo=smtp.gentoo.org
X-Spam_score_int: -41
X-Spam_score: -4.2
X-Spam_bar: ----
X-Spam_report: (-4.2 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3,
 RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.devel:304100
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/304100>

>>>>> On Wed, 08 Mar 2023, Po Lu wrote:

> Ulrich M=C3=BCller <ulm@gentoo.org> writes:
>> Categories=3DNetwork;Email;
>> Comment=3DGNU Emacs is an extensible, customizable text editor - and more
>> -Exec=3Dsh -c "exec emacsclient --alternate-editor=3D --display=3D\\"\\$=
DISPLAY\\" --eval \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u
>> +# We want to pass the following commands to the shell wrapper:
>> +# u=3D${1//\\/\\\\}; u=3D${u//\"/\\\"}; exec emacsclient --alternate-ed=
itor=3D --display=3D"$DISPLAY" --eval "(message-mailto \"$u\")"
>> +# Special chars '"', '$', and '\' must be escaped as '\\"', '\\$', and =
'\\\\'.
>> +Exec=3Dbash -c "u=3D\\${1//\\\\\\\\/\\\\\\\\\\\\\\\\}; u=3D\\${u//\\\\\=
\"/\\\\\\\\\\\\\\"}; exec emacsclient --alternate-editor=3D --display=3D\\"=
\\$DISPLAY\\" --eval \\"(message-mailto \\\\\\"\\$u\\\\\\")\\"" bash %u
>> Icon=3Demacs
>> Name=3DEmacs (Mail, Client)
>> MimeType=3Dx-scheme-handler/mailto;
>> @@ -13,7 +16,7 @@ Actions=3Dnew-window;new-instance;
>>=20
>> [Desktop Action new-window]
>> Name=3DNew Window
>> -Exec=3Dsh -c "exec emacsclient --alternate-editor=3D --create-frame --e=
val \\"(message-mailto \\\\\\"\\$1\\\\\\")\\"" sh %u
>> +Exec=3Dbash -c "u=3D\\${1//\\\\\\\\/\\\\\\\\\\\\\\\\}; u=3D\\${u//\\\\\=
\"/\\\\\\\\\\\\\\"}; exec emacsclient --alternate-editor=3D --create-frame =
--eval \\"(message-mailto \\\\\\"\\$u\\\\\\")\\"" bash %u
>>=20
>> [Desktop Action new-instance]
>> Name=3DNew Instance

> What if the system in question has no bash?

Then the desktop file won't work, obviously. The problem is that
${PARAMETER//PATTERN/STRING} substitution is not available in POSIX
parameter expansion. So with POSIX sh, an external program (e.g. sed)
would have to be called.

The long term solution (suggested by Stefan Monnier) might be to add
a --funcall option to emacsclient. Then there would be no need for a
shell wrapper, in the first place.

Should the Makefile skip installation of emacsclient-mail.desktop
when bash isn't available on the system?