From: Stefan Kangas
Newsgroups: gmane.emacs.bugs
Subject: bug#61709: [PATCH] Security hardening: safely invoke `shell-command*' function.
Date: Mon, 5 Feb 2024 02:29:55 -0500
References: <83y1opra5o.fsf@gnu.org> <83sfewpe4d.fsf@gnu.org>
In-Reply-To: <83sfewpe4d.fsf@gnu.org>
To: Eli Zaretskii, lux
Cc: 61709-done@debbugs.gnu.org
Xref: news.gmane.io gmane.emacs.bugs:279440

Version: 30.1

Eli Zaretskii writes:

>> From: lux
>> Cc: 61709@debbugs.gnu.org
>> Date: Thu, 23 Feb 2023 21:17:12 +0800
>>
>> You're right, thank you. I rewrote this patch.
>>
>> Let me briefly explain this patch:
>>
>> 1. I think `filesets-select-command' does not need to be fixed, because
>> it is not used, and I cleaned up the relevant old comments in
>> `filesets-external-viewers'.
>>
>> 2. Use `shell-quote-argument' to replace `filesets-quote' and
>> `(format "%S" ...)', because in the shell, double quotation marks can
>> still execute unexpected code, such as $(), `command` and $var.

Thank you for paying attention to these issues.

Pushed to master as commit 7756e9c7361, and closing the bug.

> Thanks. I hesitate installing this because I don't myself use
> filesets, and we don't have tests for it. So I'm not sure how to
> ensure that we don't break this package.
>
> Does someone else here use filesets?

Let's hope that if it breaks something, someone will report a bug. :-/
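An added example in Emacs Lisp (not code from this patch or from filesets.el) showing the difference the fix relies on: `(format "%S" ...)' yields Lisp string syntax, which a POSIX shell reads as double quotes and still expands, whereas `shell-quote-argument' escapes every shell metacharacter. The `demo-' function names and the file name are constructed for illustration.

```elisp
;; Added example, not part of the Emacs filesets patch.
(require 'subr-x)                       ; for `string-trim'

(defun demo-quote-old (file)
  "Quote FILE the old way, with Lisp string syntax (double quotes).
A POSIX shell still performs $(...), `...` and $var expansion inside
double quotes, so FILE is not protected."
  (format "%S" file))

(defun demo-quote-new (file)
  "Quote FILE with `shell-quote-argument'.
On POSIX shells every character outside [-0-9a-zA-Z_./\\n] is
backslash-escaped; on MS-Windows shells the quoting differs, so always
use this function rather than hand-written quoting."
  (shell-quote-argument file))

(defun demo-shell-sees (quoted)
  "Return what the shell actually receives as the argument QUOTED.
Constructed check: the shell just echoes its argument back."
  (string-trim (shell-command-to-string (concat "echo " quoted))))

;; Constructed file name containing a command substitution.  The
;; substitution is harmless (it only echoes a marker), which is enough
;; to tell whether the shell expanded it.
(let ((file "notes $(echo INJECTED).txt"))
  (message "old: %s" (demo-quote-old file))
  ;; => old: "notes $(echo INJECTED).txt"
  (message "new: %s" (demo-quote-new file))
  ;; => new: notes\ \$\(echo\ INJECTED\).txt
  (list (demo-shell-sees (demo-quote-old file))
        ;; => "notes INJECTED.txt"        (the $(...) was expanded)
        (demo-shell-sees (demo-quote-new file))))
        ;; => "notes $(echo INJECTED).txt" (taken literally)
```

The same observation holds for `$var' and backtick substitutions, which is why the patch replaces every `(format "%S" ...)' used to build a shell command line, not only the ones that happened to contain `$('.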