From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Po Lu Newsgroups: gmane.emacs.devel Subject: Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop Date: Thu, 09 Mar 2023 15:25:59 +0800 Message-ID: <87a60ml720.fsf@yahoo.com> References: <167821009581.14664.5608674978571454819@vcs2.savannah.gnu.org> <20230307172816.2D56BC13915@vcs2.savannah.gnu.org> <877cvsozn5.fsf@yahoo.com> <87zg8onfob.fsf@yahoo.com> <87r0tzoeam.fsf@yahoo.com> <87a60no7su.fsf@yahoo.com> <87edpzplom.fsf@gmail.com> <83o7p349f9.fsf@gnu.org> <87cz5in3xu.fsf@yahoo.com> <83pm9i2xye.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="36776"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Gnus/5.13 (Gnus v5.13) Cc: ulm@gentoo.org, rpluim@gmail.com, emacs-devel@gnu.org To: Eli Zaretskii Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu Mar 09 08:26:38 2023 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1paAfd-0009QB-7J for ged-emacs-devel@m.gmane-mx.org; Thu, 09 Mar 2023 08:26:37 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1paAfH-0003sj-K0; Thu, 09 Mar 2023 02:26:15 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1paAfF-0003sS-Qi for emacs-devel@gnu.org; Thu, 09 Mar 2023 02:26:13 -0500 Original-Received: from sonic301-1.consmr.mail.bf2.yahoo.com ([74.6.129.40]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1paAfD-00015g-RG for emacs-devel@gnu.org; Thu, 09 Mar 2023 02:26:13 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1678346770; bh=uKkwDBYgx9Nbqqz1HyseoszY0pnjrw1nQSpVGzQb5Sc=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From:Subject:Reply-To; b=AYo+mo0/iU/sO56qZOBKwcWY0yRtzykizCPCGujMPLAE4aLOxS83sIo0bVD3Ox8MWTElAcu5CZRn/c3PS7JmEZ/wL6u8G64Vk48lNWQUeCSg1rN3j7cPMXprn58AeNTe6UzOVJzIcrcPIXRRWmu2eqy9Pe2LTEQ/Pt0eMBL8N4Am6EIFGYNVkwEOJY2iU/GtmuuJ3x79oU4gcEzg3t/JrTnNgHAz/qlesygKeNVaYU1N7vXw7wjVVfmGd1b5raafrALQnaRnSnXgE1jR/jdpNftNO49yaVMsGF9DzC+7an/HsF5RCOybI6XQ7ukdBCSUNlhLjCAsx6c9Du2YACNbfg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1678346770; bh=G56n3LeKrMGqSz4gZCqcawqtl9v+bsPeP8pW7kQQ947=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=GvaR16zmmbR51wRRttPXmapbcxyGgd6cELa75CUa/iFRcieWJIsXVFDF1Zh2axAJJggBIIoBEwwYCYnDFPix4yMO7tEtDLOOXLr+p0gXolA78ZoosqQ2fr3Q8sVio8eTiFnaSdsFkn7zgDyaSdiAR9Y0s/nCD93QdHq07YanowvKM1DmM4B/iqjbRJ0FAJMvRnd8rXUmczxupz/e41H7sNYPwuOnWpY7XjxPSFHHGs5lcFiBxemd2A/cWvC9/IzTFUz4wiBkW6YZ4X6QTDbLw01DsTsL3BUpPlMDiX+RdBJWXLIw0X5B0RVhERMAhdgDI9rLovlC0B56fvHPIRW3uw== X-YMail-OSG: 3..gNEYVM1npyYP3wlCRTEglpSsCavacMqeno.US5i.m.veTnx56tTUqpqKxWNA I1GxtIP4Vey5SDP8JEp5nvqSYerbXflgJoO6MBoy4EZQkndouuZNfdLaGkToLStGYfuFmtY1yFuQ yd7QKaxzySDygm9sSO6816Wmw7rRuaPZmI8G2V6kWgTDvCIsRfTEr7qkvp.FeLznldnhWwfO9lI1 jX7.Jp5U3JHxHvjJ2g1ppIYJ1DmbG7Qp7x6LLDyPdCkPSZGHAw8T9Iagd_H0gSFYZqcAz0onyalL pZOzmA4_Goy7G8RIQ5lS8SFIaJVKFQR6ezjJxrWLw8iliw7rFke0qzrjz8Q.FiIzquXlp2DzME3j cdGy6HIuq1viZEPM45cojAFJhyfxxKB27.LHnjn4zgCn11XuzzA.9RJbv_0zABWbt3lGH8Dbouv8 ZgxOM9AFRmpBvhtCh1Pwo8cg6_TDMawER0v6TC6.PEKJdS9iq8EKlwrnGh0X4uVfM1evG4yGStqT rWN0gt2kR.gzVriXhhUwmbLn9cifohhLLD2hsaOpSgGJIC3jbCs37ois41stE.2LD_cM4xmFj8bO xNTKWUOXhpmZETMqpRgs4iurj9SqMbI4k26NiYQhBPNDRj9KIjyus2llyMnlQyr1i_lXHXL0Dd1p OjlSRh0GwFJ_ZbM_SRfupy.iMgFeM53U_IzCA0_kXLA1yhwxQan_oVV9qieluIuEY4Cf9Cus.tID UX687JmUNIHE0KY3HolTtSzTaCMtVVMwb2ksHBKfUV449DB4XM5WECELY8b888W8PX4CxQIXEmi0 ZHYG4P2lctgQ8IXH3GTfsmg.AhnhrHJ14qAuRn4aw_ X-Sonic-MF: Original-Received: from sonic.gate.mail.ne1.yahoo.com by sonic301.consmr.mail.bf2.yahoo.com with HTTP; Thu, 9 Mar 2023 07:26:10 +0000 Original-Received: by hermes--production-sg3-67c57bccff-5lh9j (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID f0efaba703926eb8fdd1deaecbf7ca3d; Thu, 09 Mar 2023 07:26:03 +0000 (UTC) In-Reply-To: <83pm9i2xye.fsf@gnu.org> (Eli Zaretskii's message of "Thu, 09 Mar 2023 09:19:53 +0200") X-Mailer: WebService/1.1.21284 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo Received-SPF: pass client-ip=74.6.129.40; envelope-from=luangruo@yahoo.com; helo=sonic301-1.consmr.mail.bf2.yahoo.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:304165 Archived-At: Eli Zaretskii writes: > I meant its being installed, not what it can portably accept. If > there are GNU systems out there without Bash (oh, horror!), then > anything goes. > > What next? GNU systems without Coreutils or Grep or Find? Systems > without GCC (or any compiler) are already widespread. The end of the > world must be near... `.desktop' files don't only exist on GNU systems; the systems I had in mind are some Unix systems. They do have sed, grep, find, ls, cc, and ksh, just not the GNU copies.