From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.devel Subject: Re: [PATCH] Add shell-quasiquote. Date: Sat, 17 Oct 2015 22:09:28 +0300 Message-ID: <83a8rh48if.fsf@gnu.org> References: <87si59wj42.fsf@T420.taylan> <83eggt4esi.fsf@gnu.org> <87fv19wh7b.fsf@T420.taylan> <83bnbx4d7e.fsf@gnu.org> <87twppuzfu.fsf@T420.taylan> Reply-To: Eli Zaretskii NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: QUOTED-PRINTABLE X-Trace: ger.gmane.org 1445108993 1931 80.91.229.3 (17 Oct 2015 19:09:53 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sat, 17 Oct 2015 19:09:53 +0000 (UTC) Cc: emacs-devel@gnu.org To: taylanbayirli@gmail.com (Taylan Ulrich =?utf-8?Q?Bay=C4=B1rl=C4=B1=2FK?= =?utf-8?Q?ammer?=) Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sat Oct 17 21:09:43 2015 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1ZnWrO-0007Z2-Iy for ged-emacs-devel@m.gmane.org; Sat, 17 Oct 2015 21:09:42 +0200 Original-Received: from localhost ([::1]:59512 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZnWrN-0004XD-Go for ged-emacs-devel@m.gmane.org; Sat, 17 Oct 2015 15:09:41 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:42339) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZnWrA-0004X8-VA for emacs-devel@gnu.org; Sat, 17 Oct 2015 15:09:29 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZnWr7-0004h2-OZ for emacs-devel@gnu.org; Sat, 17 Oct 2015 15:09:28 -0400 Original-Received: from mtaout28.012.net.il ([80.179.55.184]:41958) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZnWr7-0004gD-Bg for emacs-devel@gnu.org; Sat, 17 Oct 2015 15:09:25 -0400 Original-Received: from conversion-daemon.mtaout28.012.net.il by mtaout28.012.net.il (HyperSendmail v2007.08) id <0NWD00M00OVFUP00@mtaout28.012.net.il> for emacs-devel@gnu.org; Sat, 17 Oct 2015 22:08:40 +0300 (IDT) Original-Received: from HOME-C4E4A596F7 ([84.94.185.246]) by mtaout28.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0NWD00FSEP6GIF70@mtaout28.012.net.il>; Sat, 17 Oct 2015 22:08:40 +0300 (IDT) In-reply-to: <87twppuzfu.fsf@T420.taylan> X-012-Sender: halo1@inter.net.il X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 80.179.55.184 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:191873 Archived-At: > From: taylanbayirli@gmail.com (Taylan Ulrich Bay=C4=B1rl=C4=B1/Kamm= er) > Cc: emacs-devel@gnu.org > Date: Sat, 17 Oct 2015 20:23:17 +0200 >=20 > > I don't think we'd like to have packages limited in that way. AF= AIK, > > we didn't until now, at least not consciously. >=20 > Quoting RMS, coincidentally from a couple days ago: >=20 > The policy is non-GNU systems are secondary, and lower priority= than > the GNU system, but we are glad to include support for them in = GNU > packages if users contribute the necessary code -- provided tha= t > code isn't a maintenance problem for us. >=20 > The maintenainers of any particular package are the ones who ju= dge > whether that code is a maintenance problem, since they are the = ones > it would be a problem for. I don't see how this is relevant for the issue at hand, since the necessary code (the shell-quote-argument function) was already contributed to Emacs years ago, and is used in many places in core Emacs. There's no extra effort needed to support more platforms, jus= t replace one function with another. > I generally don't want to take responsibility of my code being used= on > non-GNU/non-POSIX systems, but if I can share the responsibility th= en > that's fine. You are sharing the responsibility with a long line of Emacs developers, all of whom use this function. I don't see anything you should worry about, really. > > And it really isn't a big deal. Emacs already has all the > > infrastructure for portable handling of shell commands. > > > >> How much can I rely on shell-quote-argument? > > > > You can rely on it. Emacs uses it in umpteen important places. > > > >> Can one fully rely on it being safe against code injection? > > > > I don't think I understand what code injection you had in mind. > > Please elaborate. >=20 > (let ((file-list (read where-ever))) > (shqq (cp -- ,@file-list some-place))) >=20 > That code is *guaranteed* to either copy the files in file-list to > some-place, or error, so long as the argument quoting by shqq works > well. If it has a bug, then malicious input from where-ever may be= able > to execute arbitrary shell commands. >=20 > Is shell-quote-argument safe against such a thing? My shqq-quote-s= tring > isn't exactly formally proven to be safe either, but its implementa= tion > is so simple it's fairly obvious that it doesn't contain bugs. Please take a look at the implementation of shell-quote-argument. It uses the same interfaces as your implementation, no more, no less. I= f your implementation is safe, then so is shell-quote-argument.