From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: taylanbayirli@gmail.com (Taylan Ulrich =?UTF-8?Q?Bay=C4=B1rl=C4=B1/Kammer?=) Newsgroups: gmane.emacs.bugs Subject: bug#21702: shell-quote-argument semantics and safety Date: Mon, 19 Oct 2015 11:50:23 +0200 Message-ID: <87lhaznq5c.fsf@T420.taylan> References: <871tcstkuk.fsf@T420.taylan> <83pp0chzax.fsf@gnu.org> <874mhoq9ct.fsf@T420.taylan> <83h9lohsao.fsf@gnu.org> <87h9lnpb0o.fsf@T420.taylan> <83twpnguzz.fsf@gnu.org> <87vba3nrg7.fsf@T420.taylan> <83io63gq55.fsf@gnu.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Trace: ger.gmane.org 1445248286 32401 80.91.229.3 (19 Oct 2015 09:51:26 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 19 Oct 2015 09:51:26 +0000 (UTC) Cc: 21702@debbugs.gnu.org To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Mon Oct 19 11:51:15 2015 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Zo762-00053K-EJ for geb-bug-gnu-emacs@m.gmane.org; Mon, 19 Oct 2015 11:51:14 +0200 Original-Received: from localhost ([::1]:37958 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zo761-0005O8-Ij for geb-bug-gnu-emacs@m.gmane.org; Mon, 19 Oct 2015 05:51:13 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:47714) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zo75v-0005LG-2r for bug-gnu-emacs@gnu.org; Mon, 19 Oct 2015 05:51:11 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Zo75q-00022r-BE for bug-gnu-emacs@gnu.org; Mon, 19 Oct 2015 05:51:05 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:36819) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zo75q-00022n-7V for bug-gnu-emacs@gnu.org; Mon, 19 Oct 2015 05:51:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1Zo75q-0000js-2U for bug-gnu-emacs@gnu.org; Mon, 19 Oct 2015 05:51:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: taylanbayirli@gmail.com (Taylan Ulrich =?UTF-8?Q?Bay=C4=B1rl=C4=B1/Kammer?=) Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Mon, 19 Oct 2015 09:51:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 21702 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 21702-submit@debbugs.gnu.org id=B21702.14452482292797 (code B ref 21702); Mon, 19 Oct 2015 09:51:02 +0000 Original-Received: (at 21702) by debbugs.gnu.org; 19 Oct 2015 09:50:29 +0000 Original-Received: from localhost ([127.0.0.1]:55760 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Zo75I-0000j2-U4 for submit@debbugs.gnu.org; Mon, 19 Oct 2015 05:50:29 -0400 Original-Received: from mail-lf0-f49.google.com ([209.85.215.49]:34638) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Zo75G-0000it-V5 for 21702@debbugs.gnu.org; Mon, 19 Oct 2015 05:50:27 -0400 Original-Received: by lfaz124 with SMTP id z124so105951257lfa.1 for <21702@debbugs.gnu.org>; Mon, 19 Oct 2015 02:50:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version:content-type:content-transfer-encoding; bh=bW+KDHVaYIGkVCzgDhnMjqDvq+PaOWGldPJGcBD/ojs=; b=pT6vQZfx6wHDlscKDxHH85UsOJ+1mtz7Wt+OoioV7G/tyH8VMeURWsy4vT77yUkhku 7od1Yn0NcoSsVI6+ARuHS9q/L2RrP6FPGSn7Qa5AXKM/suN3q3HDX8CT3Ag3akzvuh/I hQhcDsn42eS9rM5iNr/lE0DKhKH4DjLjkxi8rAwSUG/0PlY41WRArL8g/PSUc3c9ReDO O0zxNiwGDucVjTidATMOu44EOedf5Iv4ySw3hRh1qzdZhW/AoletwbBZfeisHrhlZRMH gbw/aLOdb/5/DK1UhjgQMTm9un5aAapztAaSeD2tIK4wb3z45xsHDNg4wzgPgFq2erhE gL2Q== X-Received: by 10.180.91.70 with SMTP id cc6mr20477374wib.58.1445248225993; Mon, 19 Oct 2015 02:50:25 -0700 (PDT) Original-Received: from T420.taylan ([2a02:908:c32:4740:221:ccff:fe66:68f0]) by smtp.gmail.com with ESMTPSA id r6sm26505757wia.0.2015.10.19.02.50.24 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 19 Oct 2015 02:50:24 -0700 (PDT) In-Reply-To: <83io63gq55.fsf@gnu.org> (Eli Zaretskii's message of "Mon, 19 Oct 2015 12:32:22 +0300") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:107752 Archived-At: Eli Zaretskii writes: >> From: taylanbayirli@gmail.com (Taylan Ulrich Bay=C4=B1rl=C4=B1/Kammer) >> Cc: 21702@debbugs.gnu.org >> Date: Mon, 19 Oct 2015 11:22:16 +0200 >>=20 >> > Like I said, this convention should be adopted project-wide. Doing so >> > only in a few doc strings, let alone one, will only confuse, because >> > the user will not know whether the lack of such documentation means >> > the API is safe or unsafe. >>=20 >> Yes, it should be done for every function for which the concerns I've >> explained apply. So let's start from this one. > > Before we start, we need a _decision_ to do that everywhere. Then we > could start doing that piecemeal. Before the decision is made, > there's no reason to make any such changes. Given all the reasons I listed, I would expect that decision to be obvious. >> >> I would propose something along the lines of: >> >>=20 >> >> It is guaranteed that ARGUMENT will be parsed as a single token by >> >> shells X, Y, and Z, as long as it is separated from other text vi= a a >> >> delimiter in the syntax of the respective shell. >> > >> > I don't think we want to mention specific shells explicitly, because >> > maintaining such a list would be a burden. The standard shell of each >> > OS is well defined and known to the users of the respective systems. >> > Moreover, Emacs by default uses that shell automatically. >>=20 >> For instance: POSIX sh, MS-DOS, and Windows NT, is not a long list. > > This list doesn't name shells on DOS and Windows (there are several > good candidates). As for Posix, is it only sh? What about Bash? what > about zsh? > > You see, the moment you come up with a list such as above, people will > start complaining that their favorite shell is not in the list, and > the list will grow. Then we will discover that some shells are not > really compatible after all, etc. etc. It's a maintenance burden we > had better avoided. > > Saying "the standard shell" avoids all that nicely, because it refers > to a single well-known shell. Dash, Bash and (AFAIK all versions of) ksh are POSIX sh compliant. Zsh not unless when requested IIRC; in any case "POSIX sh" is well-defined. My latest patch says "standard shells of MS-DOS and Windows NT." Feel free to improve that if necessary. >> I don't understand what "a shell command doesn't need to be quoted to be >> harmful" is supposed to mean > > Something like this: > > rm -rf /* What are you trying to say? Of course an arbitrary shell command can do anything. The whole point of shell-quote-argument is to prevent a string which is meant purely as an argument to a command to become equivalent in power to an arbitrary shell command. >> Here's a patch doing an improvement to the documentation like the one I >> proposed. Of course, if you have verified that shells other than POSIX >> sh are fully safe, feel free to improve the docstring accordingly. > > Thanks. However, like I said, I don't think this change would be > correct, or needed. I've explained the need for the change, and it is correct. I don't understand why you're trying to make everything so difficult. If for reasons unclear to me you absolutely refuse to accept these improvements to shell-quote-argument's documentation, I will just continue not using the function, because it cannot be trusted. Taylan