From: Demi Obenour
To: Noam Postavsky
Cc: 19350@debbugs.gnu.org
Subject: bug#19350: #19350 24.4; Incorrect quoting of %-signs for Windows command shell
Date: Thu, 11 Aug 2016 19:11:44 -0400

I think that this needs to be fixed 100% — it is a security issue.

Another option is to enable command extensions every time Emacs spawns a shell.

On Aug 10, 2016 9:00 AM, "Noam Postavsky" <npostavs@users.sourceforge.net> wrote:
>
> tag 19350 confirmed
> severity 19350 minor
> quit
>
> > Looking at the code in subr.el, it is clear that Emacs mishandles
> > %-signs when escaping for the Windows command interpreter.
> [...]
> >
> > I deleted the lossage from the report, as there is no point in including
> > it, this being a logic error in subr.el. In fact, the buggy code is dead
> > on my machine (I run Linux) -- I happened to know about the problem on
> > Windows.
>
> Well, it would have been nice to mention which function you're talking
> about, and give an example problematic string.  I guess it's
> shell-quote-argument:
>
> Evaluating
>
> (let ((process-environment (cl-list* "ca^=with-caret"
>                                      "ca=without-caret"
>                                      process-environment)))
>   (insert (shell-command-to-string
>            (format "echo %s %s %s"
>                    "%ca%"
>                    (shell-quote-argument "%ca%")
>                    "%%CD:~,0%ca%%CD:~,0%"))))
> gives
>
> without-caret "with-caret" %ca%
>
> On the other hand, this is such an obscure corner case, I don't know
> if it's even worth fixing.
>
> > A method of handling % that I believe to be fully
> > robust is to follow (not precede) each series of % characters with
> > %CD:~,0%. This is an expansion that always expands to the empty
> > string. It will work provided that:
> >
> > * Command Extensions are enabled.
>
> I'm not sure if Emacs can assume this.
>
> >
> > * It is not possible for cmd.exe to interpret an environment variable
> >   whose name is the empty string.
>
> I found that adding "=emptyvar" to process-environment caused
> "Spawning child process: exec format error", so I guess this
> assumption is safe.

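The three cases from the quoted Emacs Lisp example, replayed against a simplified model of cmd.exe percent expansion in command-line mode with Command Extensions enabled. This is an added example, not part of the original message or of Emacs. `quote_percents`, `caret_quote`, `expand_percents`, `echo` and `ENV` are hypothetical names, and the caret-quoted form is an assumption inferred from the `"with-caret"` output shown in the thread.

```python
import re

EMPTY = "%CD:~,0%"  # zero-length substring of %CD%; needs Command Extensions

def quote_percents(arg):
    """Scheme proposed in the report: follow each run of % with %CD:~,0%."""
    return re.sub(r"%+", lambda m: m.group(0) + EMPTY, arg)

def caret_quote(arg):
    """Assumed shape of caret-based quoting: add quotes, prefix metacharacters with ^."""
    return re.sub(r'[!^"<>&|()%]', r"^\g<0>", '"' + arg + '"')

def expand_percents(line, env):
    """Simplified model of cmd.exe percent expansion (command-line mode, not batch)."""
    out, i = [], 0
    while i < len(line):
        end = line.find("%", i + 1) if line[i] == "%" else -1
        name, _, modifier = line[i + 1:end].partition(":") if end != -1 else ("", "", "")
        value = env.get(name.upper()) if name else None
        if value is not None and modifier in ("", "~,0"):
            out.append("" if modifier else value)  # only ":~,0" is modelled
            i = end + 1
        else:
            out.append(line[i])  # ordinary char, or a % with no defined name after it
            i += 1
    return "".join(out)

def echo(arg, env):
    """Percent expansion runs first; caret escapes are consumed afterwards."""
    return re.sub(r"\^(.)", r"\1", expand_percents(arg, env))

# Constructed environment mirroring the thread's example (names upper-cased,
# since Windows variable names are case-insensitive; the CD value is made up).
ENV = {"CA": "without-caret", "CA^": "with-caret", "CD": r"C:\work"}

if __name__ == "__main__":
    for arg in ("%ca%", caret_quote("%ca%"), quote_percents("%ca%")):
        print(f"{arg!r:32} -> {echo(arg, ENV)!r}")
```

The caret in `^%ca^%` does not stop the expansion; it becomes part of the variable name that cmd.exe looks up, which is why a variable named `ca^` controls the result.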