From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Noam Postavsky Newsgroups: gmane.emacs.bugs Subject: bug#19350: #19350 24.4; Incorrect quoting of %-signs for Windows command shell Date: Thu, 18 Aug 2016 08:07:41 -0400 Message-ID: References: <87k2fmyg16.fsf@users.sourceforge.net> <87shu6vi54.fsf@users.sourceforge.net> <83twemf550.fsf@gnu.org> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-Trace: blaine.gmane.org 1471522252 29528 195.159.176.226 (18 Aug 2016 12:10:52 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Thu, 18 Aug 2016 12:10:52 +0000 (UTC) Cc: 19350@debbugs.gnu.org To: Demi Obenour Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Aug 18 14:10:48 2016 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1baM8L-0001HX-Lc for geb-bug-gnu-emacs@m.gmane.org; Thu, 18 Aug 2016 14:10:47 +0200 Original-Received: from localhost ([::1]:52312 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1baM7X-0004zX-65 for geb-bug-gnu-emacs@m.gmane.org; Thu, 18 Aug 2016 08:08:27 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:50002) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1baM7J-0004yX-7a for bug-gnu-emacs@gnu.org; Thu, 18 Aug 2016 08:08:19 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1baM78-0004vP-Ki for bug-gnu-emacs@gnu.org; Thu, 18 Aug 2016 08:08:12 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:35007) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1baM78-0004vL-Ha for bug-gnu-emacs@gnu.org; Thu, 18 Aug 2016 08:08:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1baM78-0005RC-EC for bug-gnu-emacs@gnu.org; Thu, 18 Aug 2016 08:08:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Noam Postavsky Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 18 Aug 2016 12:08:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19350 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: wontfix confirmed Original-Received: via spool by 19350-submit@debbugs.gnu.org id=B19350.147152207920892 (code B ref 19350); Thu, 18 Aug 2016 12:08:02 +0000 Original-Received: (at 19350) by debbugs.gnu.org; 18 Aug 2016 12:07:59 +0000 Original-Received: from localhost ([127.0.0.1]:60952 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1baM70-0005Qp-3S for submit@debbugs.gnu.org; Thu, 18 Aug 2016 08:07:59 -0400 Original-Received: from mail-oi0-f48.google.com ([209.85.218.48]:33608) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1baM6t-0005QY-NN for 19350@debbugs.gnu.org; Thu, 18 Aug 2016 08:07:52 -0400 Original-Received: by mail-oi0-f48.google.com with SMTP id c15so19484351oig.0 for <19350@debbugs.gnu.org>; Thu, 18 Aug 2016 05:07:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=8EkYgPaWDGVvYlgRRXoLPuSOIkXjYBayPyoJL/A/jBA=; b=QIaOOST8q17lvzKXfp3UZBKyQ4o09IO9uF91HkK+6rBTteFkTj3SMHHrzvUBPs/eSv yy8wp2DCCCIKDfDbn1gd254pC+lgMO7oQRpK+YZX3qGNABIfsz8yrRsJKifcN9xiERPY 1L3cHi5Jo0o/QDRIBVl2RSgSFnR1U1XU/cmdHOrlNi9X52eekl25110r8c8DGnbJRJSj ZyIICzRvn24XAGcMsDyND0sP5CRliRVi88Ai3ZCGk6w1osNklC7pNzWdsAFOEo/DCmiQ LSBtavtySUA62Tl2+mNl65EEuePTiYCaqoDRt/DnAZlDb+hpwCFfh3Q+xD3tL3MzsVUT L7+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=8EkYgPaWDGVvYlgRRXoLPuSOIkXjYBayPyoJL/A/jBA=; b=mU+Qfj0kSAwwwMLwVZiNuA+e94aMMfIW/k7FWoFxCqjUiVvW/wn4siYzVmGUypUDHy P1bkDltEo4MKF4k41H9WRTDdOuLrZIv08kriBytf+R2LWRlEOCqJH7xZnb+w7SFlEN9y CJZWeySeZG6+nvS4RDaNP3tbWQWfed3SmUwwuT3EGDLlfnpDD+2kdkEMZiVBAFdXjGyk ZDVd5PjjbN5JLhM6X61n9aeCRCFskiQl+SVjYyGDVZLWmgf+xJjlT33yyyqJMbGdSKUq U0pZtGVvpPHO0mB8aTyMKzjLY+xxD47j+e34GxCJyYtQ71bt4mC3AkxbIPOQoR+KJMIQ AHDQ== X-Gm-Message-State: AEkoousPRbqQrgysvnG38AOxljpGxyVmwAm4stqyHCpH2h7nU1l4dZqKFPjm6JgDpOvpv0ZJRUSAiC0irZJmHA== X-Received: by 10.157.37.241 with SMTP id q104mr1097102ota.112.1471522062090; Thu, 18 Aug 2016 05:07:42 -0700 (PDT) Original-Received: by 10.157.7.200 with HTTP; Thu, 18 Aug 2016 05:07:41 -0700 (PDT) In-Reply-To: X-Google-Sender-Auth: -mAAs86M0XPGhrIHqy9iHMVqsOE X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:122358 Archived-At: On Wed, Aug 17, 2016 at 10:02 PM, Demi Obenour wrote: > But *nix has no such feature [environment variables affect shell escaping], nor the associated gotcha. I'm not sure what you're trying to point out here. Why does that matter? We're talking about Windows, not *nix. > > > On Aug 15, 2016 11:01 AM, "Eli Zaretskii" wrote: >> >> > From: npostavs@users.sourceforge.net >> > Date: Sun, 14 Aug 2016 23:13:43 -0400 >> > Cc: 19350@debbugs.gnu.org >> > >> > Hmm, maybe we could fix this by making Emacs refuse to apply environment >> > variables with names ending in carets? >> >> I'm very much against disallowing perfectly valid (if rare) use cases >> just because someone malicious can take advantage of that. >> >> From my POV, as long as Emacs itself doesn't produce such shell >> commands and/or environment variables for any of its features, >> avoiding this becomes user's responsibility, just like when working at >> the shell prompt. Of course, if we can find a reliable solution to >> the problem that doesn't take away features, that'd be better, but >> failing that, I'm okay with leaving this alone, perhaps documenting >> somewhere that using % in shell commands when there are environment >> variables ending in ^ could produce surprising results. >> >> Thanks.