From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: npostavs@users.sourceforge.net Newsgroups: gmane.emacs.bugs Subject: bug#19350: #19350 24.4; Incorrect quoting of %-signs for Windows command shell Date: Sun, 14 Aug 2016 23:13:43 -0400 Message-ID: <87shu6vi54.fsf@users.sourceforge.net> References: <87k2fmyg16.fsf@users.sourceforge.net> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: blaine.gmane.org 1471230863 13246 195.159.176.226 (15 Aug 2016 03:14:23 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Mon, 15 Aug 2016 03:14:23 +0000 (UTC) User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) Cc: 19350@debbugs.gnu.org To: Demi Obenour Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Mon Aug 15 05:14:20 2016 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bZ8Lz-0003Hk-Qs for geb-bug-gnu-emacs@m.gmane.org; Mon, 15 Aug 2016 05:14:19 +0200 Original-Received: from localhost ([::1]:34762 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bZ8Lw-00014I-To for geb-bug-gnu-emacs@m.gmane.org; Sun, 14 Aug 2016 23:14:16 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:44431) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bZ8Lm-00013t-O1 for bug-gnu-emacs@gnu.org; Sun, 14 Aug 2016 23:14:07 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bZ8Li-0000Rf-H8 for bug-gnu-emacs@gnu.org; Sun, 14 Aug 2016 23:14:05 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:60049) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bZ8Li-0000RZ-CM for bug-gnu-emacs@gnu.org; Sun, 14 Aug 2016 23:14:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1bZ8Li-0004hY-0u for bug-gnu-emacs@gnu.org; Sun, 14 Aug 2016 23:14:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: npostavs@users.sourceforge.net Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Mon, 15 Aug 2016 03:14:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19350 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: wontfix confirmed Original-Received: via spool by 19350-submit@debbugs.gnu.org id=B19350.147123082118031 (code B ref 19350); Mon, 15 Aug 2016 03:14:01 +0000 Original-Received: (at 19350) by debbugs.gnu.org; 15 Aug 2016 03:13:41 +0000 Original-Received: from localhost ([127.0.0.1]:57761 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bZ8LN-0004gl-19 for submit@debbugs.gnu.org; Sun, 14 Aug 2016 23:13:41 -0400 Original-Received: from mail-io0-f174.google.com ([209.85.223.174]:32870) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bZ8LL-0004gZ-5o for 19350@debbugs.gnu.org; Sun, 14 Aug 2016 23:13:39 -0400 Original-Received: by mail-io0-f174.google.com with SMTP id 38so70830160iol.0 for <19350@debbugs.gnu.org>; Sun, 14 Aug 2016 20:13:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=PRjZeUDhs9a3uk6GgLu/CIz62BQEuGcGIWiWnz0rdTg=; b=ZLmUiLsPuWtWCA9y1ddwQFi5fH0TzrhrYlZTfzBXHImxLV4OLtByPaQpbPcB6oQ2Yu l83PR6rDWz/hvd6OqzoykBOj8qPQOgjWCKQa7YGjCfGsonRiShnZu4SazjoFylGSwSwk 7Kd2qLrQ4Ex8xrcBUkbPH9FSBEYsommCYEOV/9qmXH3pNPS6Hu4uktjE6R7ifsLEQx08 yC+eg7u8sy5duAzP8KeHPQxIcK9rkFwDZLF0H4jLXWQ+I4kKhWrHiDbLpe8YzJ/JnMb2 t246bFnJmP6UW+nwGqHTCzXmF8NkihCCOpE9sm5rfeGGAIwPakVUtuxPDHOIoEGaOCvq 6cjg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:from:to:cc:subject:references:date :in-reply-to:message-id:user-agent:mime-version; bh=PRjZeUDhs9a3uk6GgLu/CIz62BQEuGcGIWiWnz0rdTg=; b=W6hAEIdscEkpeZTWAiUvTTlL4XY+iI23eHPaQDPOEM5i7+3OVgA9FRBTc40euDpT4O ++Z5vqW42Uo43SgRjc8v4nkPwHx7vMZnIQLXVjWaKXJcAk7jwyedrxGN/HtWNmRZcpNO 9CXhM24yNdcVBas79WtDdNApES0bpf8t+jKCLaW+KTSeCVqkW4qDMrPh5sEVfPXsN0tr XiJlEJXaJwCz5Ol0zF9qyYod+KCdv1HZe4vVBrkXSoMZ6u1wE4adhjpjE5g+ndbtap3X qHl+I0Sq/hw9P6BufPGiDRFBui/P29tLpxNJGHCb63q2Xv+3G0KePiXyIJUPgDwplyWp wiwg== X-Gm-Message-State: AEkoouvupeMiztjXo6vz9bxv42Pa9qqQiJzs5zixY0B4GOYVh2fGNI+OhMA4aQonIPqBWw== X-Received: by 10.107.150.83 with SMTP id y80mr31958053iod.113.1471230813426; Sun, 14 Aug 2016 20:13:33 -0700 (PDT) Original-Received: from zony (206-188-64-44.cpe.distributel.net. [206.188.64.44]) by smtp.googlemail.com with ESMTPSA id h63sm6571145ita.12.2016.08.14.20.13.32 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 14 Aug 2016 20:13:32 -0700 (PDT) In-Reply-To: (Demi Obenour's message of "Sun, 14 Aug 2016 20:44:17 -0400") X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:122230 Archived-At: Demi Obenour writes: > We don't know what this is being used for. For all we know, someone has written an Emacs plugin that passes a file with an attacker-controlled basename (ex. > downloaded from the Internet) and uses this function to escape the filename before passing it to an external command, and in a context where there are unbalanced > double quotes (say) in a known env var. Result: remote execution of arbitrary code. Hmm, maybe we could fix this by making Emacs refuse to apply environment variables with names ending in carets?