From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id 0568A6DE0A7F for ; Fri, 16 Sep 2016 16:22:39 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -0.792 X-Spam-Level: X-Spam-Status: No, score=-0.792 tagged_above=-999 required=5 tests=[AWL=0.039, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nZGgi9ReLdhO for ; Fri, 16 Sep 2016 16:22:38 -0700 (PDT) Received: from mail-pa0-f42.google.com (mail-pa0-f42.google.com [209.85.220.42]) by arlo.cworth.org (Postfix) with ESMTPS id 5F8DF6DE096A for ; Fri, 16 Sep 2016 16:22:38 -0700 (PDT) Received: by mail-pa0-f42.google.com with SMTP id cm16so30082214pac.0 for ; Fri, 16 Sep 2016 16:22:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=from:to:subject:in-reply-to:references:date:message-id:mime-version; bh=y+RFDw+uobeSmbh9G7fnd+w8KH8RSNFCnOINpfBvo8Y=; b=Ojv5SUhf+GNN2hJcy+3Maeq6B93kJJsaoJJgH51wUhuI32f+WVZViK+SAjXupnV2o0 t+uQgSc/15y2OtNuFvOnfqEAuRFQaoO86eTN3OUZMm5eLpkW1humxhj0wfFzrt20CQ7H 4XHzknXQ96dmBMFOJDkItS4bqAKxmv6HWmRr8AzLOezMUR5TfiJkP1+gW3lfbcoV7ajJ FdmwQwxJRd+VknTxPO3GZKUBz4Epiji1h7+k3PgFdVnRzZnT9FZbVwLsTZAlPXXEyqCQ e2dAkvwxozVDVcQe0G5ehMHPV8hBZ8VkDZlYddRM23H/6GQPa47SZM2SC+0+/0CPgHQy d4OQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:in-reply-to:references:date :message-id:mime-version; bh=y+RFDw+uobeSmbh9G7fnd+w8KH8RSNFCnOINpfBvo8Y=; b=IqrJkmoYp3Z0+o8lcfQRG8aaRF4TER2HH5FtGpq5r4ahEM0GtadDC+qQzESbYuUyZ5 iBo03NBBOTI3L5mb7Zo4TGw1vdAmVKCIwNqiXD3QlQLMp5ZbFVFL+gkloD429wvXT7PR IFv9cSnKeRS1ebwhSQhkaW2LufGFh2FcCKb2tbbBNCefQH7h1J/Y6avchXGteQQhMlKg 4ISXdsSUrEn4EnLhq2k6XhTxuon7CWwd6GgNYTOiJlUOsqBr/0uL9k4d+Q8nQ/fPi0oD 89FpXOVlBRwpnxBfuHN2JYvGf3hyWaaF6aufY5jF2bdiylI/yzCrxxCp+h2qqYprOcni RJyQ== X-Gm-Message-State: AE9vXwO+vgFhgxlj2dRrZIVfywECP0wjQZCWaARXlzpdT0LS3Qkyd3hfO4MuLcS3bNhMLKcu X-Received: by 10.66.19.197 with SMTP id h5mr6974569pae.142.1474068157927; Fri, 16 Sep 2016 16:22:37 -0700 (PDT) Received: from marmstrong-linux.kir.corp.google.com ([2620:0:1008:11:756f:8b11:def4:5692]) by smtp.gmail.com with ESMTPSA id d26sm44937099pfe.37.2016.09.16.16.22.36 (version=TLS1_2 cipher=AES128-SHA bits=128/128); Fri, 16 Sep 2016 16:22:36 -0700 (PDT) From: Matt Armstrong To: Mark Walters , notmuch@notmuchmail.org, Tomi Ollila Subject: Re: [PATCH] emacs: notmuch-show: remove extraneous shell quoting In-Reply-To: <87lgyrbps4.fsf@qmul.ac.uk> References: <1473834053-17591-1-git-send-email-marmstrong@google.com> <87lgyrbps4.fsf@qmul.ac.uk> Date: Fri, 16 Sep 2016 16:22:35 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Sep 2016 23:22:39 -0000 Mark Walters writes: > Hi > > On Fri, 16 Sep 2016, Matt Armstrong wrote: >> Tomi, thanks for your reply asking for some motivation behind this >> patch. I can't reply directly to your message because, for some reason, >> it doesn't appear in my mailbox (I discovered your message while reading >> the mail archive on notmuchmail.org). >> >> The code dealing with this quoting issue was last touched in commit >> b57d9635f50d5e9b53092218e81f6d2c391c363e, where Carl recognizes the >> quoting is a bit of a hack and asks for a better fix. This is my >> attempt. >> >> I am motivated by a concern for code health. I saw the quoting, did not >> understand it, recognized it as probably wrong, investigated how the >> quotes were actually passed from Emacs to the shell, and still believed >> it wrong. >> >> I think this kind of flaw can be placed in the category of security fix. >> Quoting issues often are. But, I'm not a security person. > > I think all the data being passed is generated by notmuch so I don't > see a security issue. The search phrase is entered by the user. Imagine a user searching for an exact substring they copy/paste from source code, etc. It is contrived, but it isn't hard to imagine users using single quotes in their searches. >> By my reasoning, the rationale for the change is simple: >> >> a) It is the job of notmuch elisp to pass call-process the args in an >> appropriate manner for notmuch-command (which is always a local >> command). Because call-process takes a list of strings, and no shell is >> involved, using shell quotes is wrong. It just so happens that Xapian >> ignores the quotes, but taking advantage of that is not a great thing. >> >> b) If notmuch-command is doing something fancy, as is the case with the >> "remote" script on https://notmuchmail.org/remoteusage/, it is the job >> of that script to quote its own args properly for ssh. It looks like it >> already does this. > > That one script does -- there are at least two others even on the wiki > (see the links at the bottom of the above page) -- they also seem to be > fine. But there could be other user scripts that do need the quoting. I agree that there is risk to the change. However, the scripts that require the quoting from notmuch.el are already broken. They will break whenever a user happens to include a single quote in their query. > So the question is do we mind breaking a few currently working setups > for the purpose of a mild cleanup. Since the current code is confusing I > think a comment would be in order if we don't apply this patch. Yes, some debate about the importance of the cleanup, but I agree that if we do keep the quoting it deserves some comment. >> So, the quoting is unnecessary on both accounts. >> >> >> Matt Armstrong writes: >> >>> Remove shell quoting from notmuch-show--build-buffer. The args list >>> is ultimately passed to call-process, which passes them verbatim to >>> the subprocess (typically, notmuch). The quoting, intended for a >>> shell, is unnecessary and confusing. >> _______________________________________________ >> notmuch mailing list >> notmuch@notmuchmail.org >> https://notmuchmail.org/mailman/listinfo/notmuch