From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in
 emacsclient-mail.desktop
Date: Wed, 08 Mar 2023 19:41:58 +0200
Message-ID: <838rg73ztl.fsf@gnu.org>
References: <167821009581.14664.5608674978571454819@vcs2.savannah.gnu.org>
 <20230307172816.2D56BC13915@vcs2.savannah.gnu.org>
 <877cvsozn5.fsf@yahoo.com> <umt4ornv3@gentoo.org>
 <87zg8onfob.fsf@yahoo.com> <ucz5jsogr@gentoo.org>
 <87r0tzoeam.fsf@yahoo.com> <u1qlzskwb@gentoo.org>
 <87a60no7su.fsf@yahoo.com> <usfefr0gr@gentoo.org>
 <87edpzplom.fsf@gmail.com> <ulek7qz45@gentoo.org>
 <uedpzqy5y@gentoo.org> <87a60npirc.fsf@gmail.com>
 <83mt4n49az.fsf@gnu.org>
 <a93bb479-13b7-b637-2b70-49a4802d080e@gmail.com> <87wn3rnos1.fsf@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="31874"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: jporterbugs@gmail.com, ulm@gentoo.org, luangruo@yahoo.com,
 emacs-devel@gnu.org
To: Robert Pluim <rpluim@gmail.com>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Wed Mar 08 18:43:06 2023
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1pZxof-00088a-HY
	for ged-emacs-devel@m.gmane-mx.org; Wed, 08 Mar 2023 18:43:05 +0100
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces@gnu.org>)
	id 1pZxng-0004p4-4n; Wed, 08 Mar 2023 12:42:04 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@gnu.org>) id 1pZxnd-0004oL-B5
 for emacs-devel@gnu.org; Wed, 08 Mar 2023 12:42:01 -0500
Original-Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@gnu.org>)
 id 1pZxnc-0007qT-RD; Wed, 08 Mar 2023 12:42:00 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-version:References:Subject:In-Reply-To:To:From:
 Date; bh=n1TePBZ2AvxivLpTdspIIUm2yndh9/bUxcrt8DdSt3Q=; b=ZcY1l7/F/81S471jFUhQ
 0WTsEoJhmVb7nBs+PzThJqmwnm+RhOFZ6pafYXr/+JrKZvGT49w8tv4a/An045jZX7PpFEuva0z8e
 7Vntfx1i7B2yCrTr3rzvFGwv/XePZoonOGq27zLLDt0yDnyZB2WyW8vZEqWfeK8P63zB9hNCr3ZOm
 g1ZDA1D/FxVviMepUW6QrjCWpmHt0/LZutQ4B7YQM88zfvuA2/HKh30bD9QpOAA58OhJNYIJNVHgA
 6D91PG+qghbff7d3zHeJjhrCfXXBuyJsaInIyKYS9h/oKMuKyMxa2YYPIJTVYTgRWFy2yq+V35ZA/
 qSbdbBjhL4B0aQ==;
Original-Received: from [87.69.77.57] (helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@gnu.org>)
 id 1pZxnb-0003wj-6e; Wed, 08 Mar 2023 12:42:00 -0500
In-Reply-To: <87wn3rnos1.fsf@gmail.com> (message from Robert Pluim on Wed, 08
 Mar 2023 18:20:14 +0100)
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.devel:304148
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/304148>

> From: Robert Pluim <rpluim@gmail.com>
> Cc: Eli Zaretskii <eliz@gnu.org>,  ulm@gentoo.org,  luangruo@yahoo.com,
>   emacs-devel@gnu.org
> Date: Wed, 08 Mar 2023 18:20:14 +0100
> 
> >>>>> On Wed, 8 Mar 2023 09:03:30 -0800, Jim Porter <jporterbugs@gmail.com> said:
> 
>     Jim> In bug#57752, we'd discussed adding --apply to emacs and emacsclient,
>     Jim> which might work better for this case, as well as to make other
>     Jim> similar cases easier: Org mode uses some pretty extensive hacks in
>     Jim> order to get org-protocol:// URLs working in emacsclient, and
>     Jim> eliminating that would be very nice.
> 
> Thanks for the reference. Iʼve re-read the report, and the
> sort-of-consensus was that we needed '--apply' and a `set-arg'
> function.  Eli, would that be acceptable? (my patch called `apply'
> anyway, so itʼs not too big a change :-) )

That bug is again about these desktop files, and I'm _really_
uncomfortable with adding significant features on behalf of those.

If there's an important Org use case which could benefit from this,
let's discuss that instead, because each time someone mentions these
desktop files as a reason to make some change, my fingers
automatically want to type NOOO!!!