From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Random832 Newsgroups: gmane.emacs.devel Subject: Re: [PATCH] Add shell-quasiquote. Date: Sat, 17 Oct 2015 18:09:34 -0400 Message-ID: <87oafx171d.fsf@fastmail.com> References: <87si59wj42.fsf@T420.taylan> <83eggt4esi.fsf@gnu.org> <87fv19wh7b.fsf@T420.taylan> <83bnbx4d7e.fsf@gnu.org> <87twppuzfu.fsf@T420.taylan> <83a8rh48if.fsf@gnu.org> <87io65utmt.fsf@T420.taylan> <5622B337.4050700@yandex.ru> <876125uqzw.fsf@T420.taylan> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Trace: ger.gmane.org 1445119822 14655 80.91.229.3 (17 Oct 2015 22:10:22 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sat, 17 Oct 2015 22:10:22 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Oct 18 00:10:14 2015 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1ZnZg4-0000M0-JY for ged-emacs-devel@m.gmane.org; Sun, 18 Oct 2015 00:10:12 +0200 Original-Received: from localhost ([::1]:59931 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZnZg3-00069t-Q9 for ged-emacs-devel@m.gmane.org; Sat, 17 Oct 2015 18:10:11 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:55013) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZnZfs-00069f-Gb for emacs-devel@gnu.org; Sat, 17 Oct 2015 18:10:01 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZnZfo-0007LL-GF for emacs-devel@gnu.org; Sat, 17 Oct 2015 18:10:00 -0400 Original-Received: from plane.gmane.org ([80.91.229.3]:46505) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZnZfo-0007LE-9a for emacs-devel@gnu.org; Sat, 17 Oct 2015 18:09:56 -0400 Original-Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1ZnZfm-0008Tg-Kd for emacs-devel@gnu.org; Sun, 18 Oct 2015 00:09:54 +0200 Original-Received: from c-68-39-146-59.hsd1.in.comcast.net ([68.39.146.59]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 18 Oct 2015 00:09:54 +0200 Original-Received: from random832 by c-68-39-146-59.hsd1.in.comcast.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 18 Oct 2015 00:09:54 +0200 X-Injected-Via-Gmane: http://gmane.org/ Original-Lines: 21 Original-X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: c-68-39-146-59.hsd1.in.comcast.net User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) Cancel-Lock: sha1:4S2QitT/jzY5esWHRXW83+F5Fho= X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 80.91.229.3 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:191896 Archived-At: taylanbayirli@gmail.com (Taylan Ulrich "Bayırlı/Kammer") writes: > Dmitry Gutov writes: >> If you know of a real problem scenario reproducible with >> shell-quote-argument, please file a bug. Then we'll fix it. > > Not knowing that there are bugs is not proof that there are no bugs. Why aren't you as sure of its safety, regarding the POSIX section, as you are of the safety of your implementation? >> Either way, please avoid reinventing the wheel. > > It's not a reinvention because it has very strict semantics with regard > to safety guarantees, which shell-quote-argument apparently doesn't. Out of curiosity, how are you guaranteeing that the result will be executed by a POSIX shell? Passing a string quoted by your function to MS Windows' cmd.exe (or, to that matter, to csh - even worse than the existing version) would be an absolute disaster as far as injection vulnerabilities go.