Re: [PATCH] Add shell-quasiquote.

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Add shell-quasiquote.

From:	Random832
Subject:	Re: [PATCH] Add shell-quasiquote.
Date:	Sat, 17 Oct 2015 17:20:02 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)

Paul Eggert <address@hidden> writes:

> Taylan Ulrich Bayırlı/Kammer wrote:
>> You seem to be implying that using shell-quote-argument will uphold the
>> invariant that the code is safe against injection.  I'm asking for
>> explicit confirmation of that.
>
> Yes, it's safe. In contrast, the version you proposed is not safe for
> really weird csh-like shells, where it can mishandle '!'.

If supporting csh-like shells is a concern, I'll point out that the
newline mishandling I noted in another post allows one to, at least,
inject an arbitrary command with no arguments:

(call-process "csh" nil t "csh" "-c"
              (concat "echo " (shell-quote-argument
              "\nevil-command\n")))
Unmatched '.
evil-command: Command not found.
Unmatched '.
1

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH] Add shell-quasiquote., (continued)

Prev by Date: Re: Introduction
Next by Date: Re: Emacs rewrite in a maintainable language
Previous by thread: Re: [PATCH] Add shell-quasiquote.
Next by thread: Re: [PATCH] Add shell-quasiquote.
Index(es):
- Date
- Thread