emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fixing Windows and DOS command line argument quoting


From: Daniel Colascione
Subject: Re: Fixing Windows and DOS command line argument quoting
Date: Mon, 25 Apr 2011 11:24:08 -0700
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9

On 4/25/11 1:49 AM, Daniel Colascione wrote:
>>  . Please install this only on the trunk.  The emacs-23 branch should
>>    not be destabilized by such experiments at this time.
> 
> Fair enough.

I'd just like to note that it'd be a good idea to eventually backport
this fix to Emacs 23: it's a security issue.  The current
shell-quote-argument doesn't, so (shell-command (format "cmd %s"
(shell-quote-argument untrusted-input))) can run an arbitrary command.

Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]