From: taylanbayirli@gmail.com (Taylan Ulrich Bayırlı/Kammer)
Newsgroups: gmane.emacs.devel
Subject: Re: [PATCH] Add shell-quasiquote.
Date: Tue, 20 Oct 2015 14:48:19 +0200
Message-ID: <87h9llk8oc.fsf@T420.taylan>
To: emacs-devel@gnu.org

taylanbayirli@gmail.com (Taylan Ulrich "Bayırlı/Kammer") writes:

> "John Wiegley" writes:
>
> [...]
>
> For those interested in this topic, please also read my response to
> another mail by John on the bug#21702 thread. I'm afraid there was a
> big misunderstanding in, at least, the reasons for my frustration.
>
> I don't know whether the points mentioned above (people being used to
> *faster* paced communication than e-d) apply to other cases of
> contributor frustration, but I suspect that it's a red herring.
>
> Taylan

Err, silliness, John took that discussion off the bug ML (sensibly).

Long story short, the problem is far from unresponsiveness.

The problem is giving me the feeling that no matter how many times I
raise the same point on why I need a given change in
shell-quote-argument or else cannot use it, no matter how clearly I
strain myself to explain the logic, and even provide patches that
address the issue, my points get outright ignored, misunderstood
(willfully?), irrelevant points raised out of nowhere to argue against,
the patches of course not used, and so on and so forth. All the while I
get bluntly commanded to make a change to my code that goes directly
against the point I'm trying to raise the whole time.

There is not a dismissive attitude towards my work altogether, but to
my very words and ideas. I'm not a brainless code-editing machine to
follow the orders of emacs-devel, so if I point out a reason why I
don't want to make a given change, listen to it. If I even propose a
solution that will make me able to make the given change, and even
offer a patch, actually consider it.

To elaborate...

In the first mail in this thread already, a function of mine which did
precisely what the documentation implied, and did that correctly, has
been outright called "wrong," and I was more or less commanded to make
a change to my code for which there was a comment indicating that I
already considered the change and intentionally decided against it. You
would expect some respect to one's intellect, therefore a simple
request of clarification or such if the reason for my decision is
unclear, but nope:

>> +;;; Like `shell-quote-argument', but much simpler in implementation.
>> +(defun shqq--quote-string (string)
>> + (concat "'" (replace-regexp-in-string "'" "'\\\\''" string) "'"))
>
> It might be simpler, but it's wrong, because the result is only
> correct for Posix shells.
>
> Please do use shell-quote-argument instead.

(The documentation for the whole library mentioned that only POSIX is
supported, although not that comment.)

Not thinking much about it (this level of unintentional impoliteness is
daily course), I ignored that mistake in attitude, and briefly
explained the reason for not making the change outright:

> Hmm, I don't really want to take responsibility of my library being used
> with shells other than POSIX shells. (The library could make that
> clearer and error on other systems.)
> How much can I rely on shell-quote-argument? Can one fully rely on it
> being safe against code injection?

After that I was asked what sort of code injection I mean, which I
clarified. I also clarified that I don't want to take responsibility of
my code being used on other systems, but that it's no problem if the
responsibility can be shared:

> I generally don't want to take responsibility of my code being used on
> non-GNU/non-POSIX systems, but if I can share the responsibility then
> that's fine.
>
> (let ((file-list (read where-ever)))
>   (shqq (cp -- ,@file-list some-place)))
>
> That code is *guaranteed* to either copy the files in file-list to
> some-place, or error, so long as the argument quoting by shqq works
> well. If it has a bug, then malicious input from where-ever may be able
> to execute arbitrary shell commands.
>
> Is shell-quote-argument safe against such a thing? My shqq-quote-string
> isn't exactly formally proven to be safe either, but its implementation
> is so simple it's fairly obvious that it doesn't contain bugs.

This was responded to with an assertion that I somehow share
responsibility over the whole Emacs code-base. And more or less an
outright dismissal of the problem I explained:

> Please take a look at the implementation of shell-quote-argument. It
> uses the same interfaces as your implementation, no more, no less. If
> your implementation is safe, then so is shell-quote-argument.

(Which "interface"? The two implementations differ entirely. Was
"interface" meant as in function signature? How is that relevant to
implementation quality, and what's the problem with clearly documenting
the safety guarantees offered by the interface?)

I could go on, but you're probably bored. After that point, more people
join in with careless assertions that shell-quote-argument is surely
safe and can be relied on, shortly after which someone demonstrates an
injection attack on it when used with csh. Even that doesn't convince
our folks, and an abrasive and dismissive attitude towards the problem
I'm pointing out continues.

The same thing repeats/continues on the bug mailing list.

I feel kind of silly writing this mail, because it doesn't amount to
much more than rehashing what's already found a few mails up in the
archive. I can do little better than pointing and asking "don't you see
the problem here?!" But maybe some people will look harder now, I hope.

And before someone thinks of making a nasty remark about
oversensitivity, feelings of entitlement, or else, I'd like to point
out that my frustration is rooted in part in people's unwillingness to
accept the importance of a code injection vulnerability. And that's a
technical point. It's precisely because I *don't* believe that Emacs
developers are idiots (as was suggested at some point) that I believe
the problem must instead have some social/behavioral aspect to it, like
a fundamental lack of belief in newcomers' ability of insight, or lack
of care in explaining why you think a mentioned problem is in fact not
a problem, or something of that sort.

Taylan
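
Review bot: in the quoted hunk, the `;;;` comment above `shqq--quote-string` compares the function to `shell-quote-argument` but does not say that the `'\''` quoting it produces is only valid for POSIX shells, which is exactly what the review reply objects to. The defun has no docstring; stating the POSIX-only restriction there would let a caller see the limit at the function itself instead of only in the library-level documentation.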
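
The quoting guarantee argued for in the message above, as an added example that is not part of the original mail or of shell-quasiquote: a POSIX shell version of the `'` to `'\''` transformation, run next to an unescaped variant on a constructed hostile input. The names `sq_quote`, `roundtrip`, `naive` and `sample` are hypothetical, and the code assumes a POSIX `sh`.

```shell
#!/bin/sh
# Added example (not from the thread). POSIX shells only: the same
# ' -> '\'' transformation as the quoted shqq--quote-string hunk.

# sq_quote STRING: print STRING as a single single-quoted shell word.
# Inside '...' only ' is special, so each ' becomes '\'' (close the
# quote, emit an escaped quote, reopen). Runs in a subshell: no globals.
sq_quote() (
    s=$1 out= q="'"
    while :; do
        case $s in
            *"$q"*) head=${s%%"$q"*}; s=${s#*"$q"}; out="$out$head'\\''" ;;
            *)      out="$out$s"; break ;;
        esac
    done
    printf "'%s'" "$out"
)

# Hardened: build a command line from the quoted word, run it in a fresh
# POSIX shell, and print the argument that shell actually received.
roundtrip() {
    sh -c "printf '%s' $(sq_quote "$1")"
}

# Vulnerable counterpart: wraps the input in quotes without escaping.
naive() {
    sh -c "printf '%s' '$1'"
}

# Constructed hostile "file name" (sample input, not from the thread).
sample="report.txt'; echo INJECTED \$(echo INJECTED) #"

printf 'quoted word : %s\n' "$(sq_quote "$sample")"
printf 'roundtrip   : %s\n' "$(roundtrip "$sample")"
printf 'naive       : %s\n' "$(naive "$sample")"
```

With the escaped form the inner shell receives the sample byte for byte as one argument; with the unescaped form the text after the embedded quote is parsed as further commands.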