From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: taylanbayirli@gmail.com (Taylan Ulrich =?utf-8?Q?Bay=C4=B1rl=C4=B1?= =?utf-8?Q?=2FKammer?=) Newsgroups: gmane.emacs.devel Subject: Re: [PATCH] Add shell-quasiquote. Date: Mon, 19 Oct 2015 10:16:18 +0200 Message-ID: <878u6zp92l.fsf@T420.taylan> References: <87si59wj42.fsf@T420.taylan> <83eggt4esi.fsf@gnu.org> <87fv19wh7b.fsf@T420.taylan> <83bnbx4d7e.fsf@gnu.org> <87twppuzfu.fsf@T420.taylan> <83a8rh48if.fsf@gnu.org> <87io65utmt.fsf@T420.taylan> <5622B337.4050700@yandex.ru> <876125uqzw.fsf@T420.taylan> <5622BE84.8030209@yandex.ru> <87twpptato.fsf@T420.taylan> <87pp0cehly.fsf@gmx.de> <878u70trqz.fsf@T420.taylan> <87si58phte.fsf@gmx.de> <87io648h8r.fsf@fastmail.com> <83oafwhykw.fsf@gnu.org> <8737x87zq6.fsf@fastmail.com> <83fv18hs32.fsf@gnu.org> <22052.29299.917171.338544@turnbull.sk.tsukuba.ac.jp> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1445242634 25605 80.91.229.3 (19 Oct 2015 08:17:14 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 19 Oct 2015 08:17:14 +0000 (UTC) Cc: Random832 , Eli Zaretskii , emacs-devel@gnu.org To: "Stephen J. Turnbull" Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Oct 19 10:17:13 2015 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Zo5cz-0006Ws-5U for ged-emacs-devel@m.gmane.org; Mon, 19 Oct 2015 10:17:09 +0200 Original-Received: from localhost ([::1]:37278 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zo5ct-0003Md-8q for ged-emacs-devel@m.gmane.org; Mon, 19 Oct 2015 04:17:03 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:42484) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zo5cF-0003MQ-00 for emacs-devel@gnu.org; Mon, 19 Oct 2015 04:16:24 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Zo5cD-0007KP-97 for emacs-devel@gnu.org; Mon, 19 Oct 2015 04:16:22 -0400 Original-Received: from mail-wi0-x231.google.com ([2a00:1450:400c:c05::231]:33780) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zo5cD-0007K2-2T; Mon, 19 Oct 2015 04:16:21 -0400 Original-Received: by wijp11 with SMTP id p11so87893813wij.0; Mon, 19 Oct 2015 01:16:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version:content-type; bh=H/smuaN75CjRKQc740PDTgbqHn2JZYDILi1Cvi9DDlo=; b=twpMnbfmzo/5nsoFME3ftMOSqh94LPwUe4mJgZorz58l9zcX8cPejKbsjSUdzDtiNF YPm/DbU6j4O0oyQCmdryYGMSWtrvbgWdKz0E9Czr9O0WGk1A4b9/V+c6yt6QmAfDx2te 5prkWSPdvu2aGIOL/THrgNcgJBv15guzwykXiaNzETyKbrWJ64iLQ3vim/WmFksV0iCL cTcSEMjn664/5IaBHufZXQQBLOEfoNbjYNo+icxNQzC9oqmu/nNrQWoJ6IUhgNOIiERC afPVDx7LGP9elDsWk915/4a5eloaqrvAIfMM55qtv45R/8u69wmne8mhMjISa8Zt6XsD LmbQ== X-Received: by 10.194.242.167 with SMTP id wr7mr31464334wjc.27.1445242580227; Mon, 19 Oct 2015 01:16:20 -0700 (PDT) Original-Received: from T420.taylan ([2a02:908:c32:4740:221:ccff:fe66:68f0]) by smtp.gmail.com with ESMTPSA id q1sm38611123wje.39.2015.10.19.01.16.18 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 19 Oct 2015 01:16:19 -0700 (PDT) In-Reply-To: <22052.29299.917171.338544@turnbull.sk.tsukuba.ac.jp> (Stephen J. Turnbull's message of "Mon, 19 Oct 2015 13:32:51 +0900") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2a00:1450:400c:c05::231 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:192044 Archived-At: "Stephen J. Turnbull" writes: > IMHO Emacs is unlikely to meet modern security standards in my > lifetime. I am discouraged from even thinking about it when the > advocates of security are passing strings to an unknown shell program > and then complaining that Emacs's quoting function may be insecure. > Putting a shell in the loop is already saying "Security? What, me > worry??" After all, even if you check for POSIX, it might be a > slightly dated installation of GNU Bash. :-( I have to confess that's a good point. Maybe it's silly to even ask for security, in general, when it comes to generating shell commands. Then again consider a fairly simple but still pretty useful example like: (shqq (cp -- ,@files target)) When the resulting string is passed verbatim as a command to a POSIX shell, there's really no place for error there, so long as it's ensured that each member of 'files' will be inserted verbatim into the ARGV of cp(1). Most commands will look more or less like that... On a tangentially related topic, I just discovered there's more semantic differences between using shqq--quote-string and shell-quote-argument. The former quotes *everything*, e.g. "if" becomes "'if'", meaning you cannot use shell keywords. After a bit of pondering, I would say that's a feature. (Try constructing an if statement with shqq even when it uses shell-quote-argument. You can't (without the "double-unquote") because you can't insert a bare newline or semicolon anyway.) Taylan