From: "Stephen J. Turnbull" <stephen@xemacs.org>
To: Eli Zaretskii <eliz@gnu.org>
Cc: Random832 <random832@fastmail.com>, emacs-devel@gnu.org
Subject: Re: [PATCH] Add shell-quasiquote.
Date: Mon, 19 Oct 2015 13:32:51 +0900
Message-ID: <22052.29299.917171.338544@turnbull.sk.tsukuba.ac.jp>
In-Reply-To: <83fv18hs32.fsf@gnu.org>

Eli Zaretskii writes:
 > Random832 writes:

 > > Yes, sorry. A typical Windows program (at least, one compiled with
 > > MSVC's setargv.obj) will try to interpret wildcards in any part of
 > > CommandLineToArgv's result which contains a ? or * character, with
 > > no provision to prevent it from doing so. (In particular, double
 > > quotes have no effect).
 > 
 > This actually depends on the startup code.  The latest release of
 > mingw.org's MinGW runtime does allow you to quote wildcard characters.
 > And on Windows XP and older even the other runtimes allow that.
 > 
 > In any case, this is not an Emacs problem.

Of course it is, in a security context.  I don't think it matters
anywhere near as much as code injection, but if Emacs is built with
one of those runtimes that doesn't allow wildcards to be disabled, its
users will be affected.

I think it probably can be immediately judged irrelevant (and perhaps
that's what you meant) if Emacs is normally built with a runtime that
doesn't interpret quoted wildcards, and the runtimes that always
interpret wildcards are not supported.  But if Emacs is to meet modern
security standards, that kind of thing needs to be considered and
confirmed, and to that extent it *is* Emacs's problem.  Clearly some
developers of Emacs Lisp applications want Emacs to meet those
standards.  YMMV, and mine does:

IMHO Emacs is unlikely to meet modern security standards in my
lifetime.  I am discouraged from even thinking about it when the
advocates of security are passing strings to an unknown shell program
and then complaining that Emacs's quoting function may be insecure.
Putting a shell in the loop is already saying "Security?  What, me
worry??"  After all, even if you check for POSIX, it might be a
slightly dated installation of GNU Bash. :-(
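
Added example, not part of the original message and not Emacs code: a small C probe for the check the message says needs to be "considered and confirmed", namely whether the startup code of a given runtime expands a double-quoted wildcard argument. The names `PROBE_EXPECT`, `classify_argv` and `has_wildcard` are assumptions made for this example; the expected literal travels in an environment variable because argv is the channel under test.

```c
/* argv probe: build with the toolchain and runtime under test, then run
 *     set PROBE_EXPECT=*.c
 *     probe "*.c"
 * in a directory where the pattern matches at least one file (otherwise
 * there is nothing to expand and the result says nothing). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum probe_result {
    PROBE_PRESERVED = 0,  /* argv[1] arrived exactly as it was sent      */
    PROBE_EXPANDED  = 1,  /* startup code replaced it with something else */
    PROBE_USAGE     = 2   /* no wildcard literal to compare against       */
};

/* Nonzero if s contains one of the wildcard characters named in the thread. */
static int has_wildcard(const char *s)
{
    return s != NULL && strpbrk(s, "*?") != NULL;
}

/* Compare what the startup code delivered in argv with the literal that
 * the caller passed out of band. */
static enum probe_result classify_argv(int argc, char **argv,
                                       const char *expected)
{
    if (expected == NULL || !has_wildcard(expected) || argc < 2)
        return PROBE_USAGE;
    if (argc == 2 && strcmp(argv[1], expected) == 0)
        return PROBE_PRESERVED;
    return PROBE_EXPANDED;   /* more arguments, or a different string */
}

int main(int argc, char **argv)
{
    const char *expected = getenv("PROBE_EXPECT");
    enum probe_result r = classify_argv(argc, argv, expected);
    int i;

    /* Show exactly what the program received, one argument per line. */
    for (i = 1; i < argc; i++)
        printf("argv[%d] = [%s]\n", i, argv[i]);

    if (r == PROBE_PRESERVED)
        puts("quoted wildcard preserved by this runtime");
    else if (r == PROBE_EXPANDED)
        puts("quoted wildcard EXPANDED by this runtime");
    else
        puts("usage: set PROBE_EXPECT to a pattern with * or ?, "
             "then pass the same pattern, double-quoted, as the only argument");
    return (int)r;
}
```

The exit status (0 preserved, 1 expanded, 2 usage) lets a build or test script record the result per runtime.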



