From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Paul Eggert Newsgroups: gmane.emacs.devel Subject: Re: [PATCH] Add shell-quasiquote. Date: Tue, 20 Oct 2015 11:12:23 -0700 Organization: UCLA Computer Science Department Message-ID: <56268407.6060601@cs.ucla.edu> References: <87si59wj42.fsf@T420.taylan> <878u6znii9.fsf@T420.taylan> <877fmjj9p6.fsf@fencepost.gnu.org> <87zizfm2dq.fsf@T420.taylan> <871tcr7yvq.fsf@fastmail.com> <87mvvfm0bd.fsf@T420.taylan> <56250803.5080601@cs.ucla.edu> <87a8ren5ys.fsf@T420.taylan> <56259BB1.3070908@cs.ucla.edu> <878u6ykmvt.fsf@T420.taylan> <56266A24.6060004@cs.ucla.edu> <87r3kpihx0.fsf@T420.taylan> <5626783B.8020906@cs.ucla.edu> <87a8rdigs9.fsf@T420.taylan> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Trace: ger.gmane.org 1445364790 32155 80.91.229.3 (20 Oct 2015 18:13:10 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Tue, 20 Oct 2015 18:13:10 +0000 (UTC) Cc: emacs-devel@gnu.org To: =?UTF-8?Q?Taylan_Ulrich_Bay=c4=b1rl=c4=b1/Kammer?= Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Oct 20 20:13:00 2015 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1ZobP4-0001Rj-Oq for ged-emacs-devel@m.gmane.org; Tue, 20 Oct 2015 20:12:55 +0200 Original-Received: from localhost ([::1]:47419 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZobOz-0003iP-Ai for ged-emacs-devel@m.gmane.org; Tue, 20 Oct 2015 14:12:49 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:37179) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZobOf-0003hN-0r for emacs-devel@gnu.org; Tue, 20 Oct 2015 14:12:30 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZobOb-0001jd-RH for emacs-devel@gnu.org; Tue, 20 Oct 2015 14:12:28 -0400 Original-Received: from zimbra.cs.ucla.edu ([131.179.128.68]:44254) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZobOb-0001jV-LU for emacs-devel@gnu.org; Tue, 20 Oct 2015 14:12:25 -0400 Original-Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id BD2A41608CE; Tue, 20 Oct 2015 11:12:24 -0700 (PDT) Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id u5KRHK7JCRmi; Tue, 20 Oct 2015 11:12:24 -0700 (PDT) Original-Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 0F2911608D3; Tue, 20 Oct 2015 11:12:24 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id k0yPnH7OfQPb; Tue, 20 Oct 2015 11:12:23 -0700 (PDT) Original-Received: from [192.168.1.9] (pool-100-32-155-148.lsanca.fios.verizon.net [100.32.155.148]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id E5DA21608CE; Tue, 20 Oct 2015 11:12:23 -0700 (PDT) User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 In-Reply-To: <87a8rdigs9.fsf@T420.taylan> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 131.179.128.68 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:192220 Archived-At: Taylan Ulrich Bay=C4=B1rl=C4=B1/Kammer wrote: >> I must have missed it then, because all I remember are the cases (1) >> >of running /bin/if (which is trivial and is not a realistic example), >> >and (2) of installations with nonstandard shells (a problem that >> >shqq--quote-string does not fix). It has been a long thread; quite >> >possibly I missed something. > Yeah, you missed the part about risk of code injection.:-) Code injection occurs because of (2), right? So it's not a risk that=20 shqq--quote-string would put much of a dent in. I thought the complaint was about shell-quote-argument's implementation. = But if=20 it's merely about its documentation, then perhaps we can reword it to add= ress=20 your concerns. I briefly looked at your most recent docstring proposal in= =20 Bug#21702 and I'm afraid it is is pretty wordy and is not technically cor= rect.=20 For example, (shell-quote-argument "\0") does not produce a string that w= ill be=20 parsed as one token whose value will be exactly that of shell-quote-argum= ent's=20 argument in any POSIX-conforming shell. This is because you can't put NUL= =20 characters into a command argument in POSIX. It'd be better to have docstring wording that is shorter and conveys the = gist of=20 what shell-quote-argument is for, without going into a lot of technical d= etail=20 that will bog down the reader and may well be wrong anyway. Details about= what=20 is "safe" and what "safe" means can go into the manual.