emacs-devel

Re: [PATCH] Add shell-quasiquote.


From: Random832
Subject: Re: [PATCH] Add shell-quasiquote.
Date: Sat, 17 Oct 2015 18:09:34 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)

address@hidden (Taylan Ulrich "Bayırlı/Kammer") writes:

> Dmitry Gutov <address@hidden> writes:
>> If you know of a real problem scenario reproducible with
>> shell-quote-argument, please file a bug. Then we'll fix it.
>
> Not knowing that there are bugs is not proof that there are no bugs.

Why aren't you as sure of its safety, regarding the POSIX section, as you
are of the safety of your implementation?

>> Either way, please avoid reinventing the wheel.
>
> It's not a reinvention because it has very strict semantics with regard
> to safety guarantees, which shell-quote-argument apparently doesn't.

Out of curiosity, how are you guaranteeing that the result will be
executed by a POSIX shell? Passing a string quoted by your function to
MS Windows' cmd.exe (or, for that matter, to csh - even worse than the
existing version) would be an absolute disaster as far as injection
vulnerabilities go.
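
The point about the target interpreter, as an added example that is not part of the original message or of the patch under discussion: single-quote quoting is only a guarantee under POSIX sh rules, so the caller has to pin the shell that will parse the result. The names `posix_quote` and `run_quoted` and the allow list of shells are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example. posix_quote relies on the POSIX sh single-quote rule:
# everything between '...' is literal, and an embedded ' is written as '\''.
# Other command interpreters (cmd.exe, csh) parse quotes differently, so
# the output must never be handed to them.
posix_quote() {
    # sed works line by line, so embedded newlines stay inside the quotes;
    # the opening quote goes on the first line, the closing on the last.
    printf '%s\n' "$1" | LC_ALL=C sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"
}

# Hypothetical guard: run a command line built with posix_quote only under
# an interpreter on an explicit allow list, and fail closed otherwise.
run_quoted() {
    shell=$1
    arg=$2
    case "${shell##*/}" in
        sh|dash|bash|ksh) ;;
        *)
            echo "refusing: ${shell##*/} does not use POSIX quoting" >&2
            return 2
            ;;
    esac
    # The quoted argument is spliced into the command string; under POSIX
    # rules it comes back out as exactly one literal word.
    "$shell" -c "printf '%s' $(posix_quote "$arg")"
}
```

A round trip through `sh` returns the argument byte for byte even when it contains quotes, `;`, `$(...)` or backticks, while a request to run the same string under `csh` or `cmd.exe` is rejected with status 2 instead of being executed.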



