[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fixing Windows and DOS command line argument quoting
From: |
Daniel Colascione |
Subject: |
Re: Fixing Windows and DOS command line argument quoting |
Date: |
Mon, 25 Apr 2011 11:24:08 -0700 |
User-agent: |
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9 |
On 4/25/11 1:49 AM, Daniel Colascione wrote:
>> . Please install this only on the trunk. The emacs-23 branch should
>> not be destabilized by such experiments at this time.
>
> Fair enough.
I'd just like to note that it'd be a good idea to eventually backport
this fix to Emacs 23: it's a security issue. The current
shell-quote-argument doesn't, so (shell-command (format "cmd %s"
(shell-quote-argument untrusted-input))) can run an arbitrary command.
signature.asc
Description: OpenPGP digital signature
- Re: Fixing Windows and DOS command line argument quoting, (continued)
- Re: Fixing Windows and DOS command line argument quoting, Eli Zaretskii, 2011/04/25
- Re: Fixing Windows and DOS command line argument quoting, Daniel Colascione, 2011/04/25
- Re: Fixing Windows and DOS command line argument quoting, Jason Rumney, 2011/04/25
- Re: Fixing Windows and DOS command line argument quoting, Eli Zaretskii, 2011/04/25
- Re: Fixing Windows and DOS command line argument quoting, Daniel Colascione, 2011/04/25
- Re: Fixing Windows and DOS command line argument quoting, Daniel Colascione, 2011/04/25
- Re: Fixing Windows and DOS command line argument quoting, Eli Zaretskii, 2011/04/25
- Re: Fixing Windows and DOS command line argument quoting, Daniel Colascione, 2011/04/26
- Re: Fixing Windows and DOS command line argument quoting, Eli Zaretskii, 2011/04/26
- Re: Fixing Windows and DOS command line argument quoting, Eli Zaretskii, 2011/04/25
- Re: Fixing Windows and DOS command line argument quoting,
Daniel Colascione <=
- Re: Fixing Windows and DOS command line argument quoting, Eli Zaretskii, 2011/04/25
Re: Fixing Windows and DOS command line argument quoting, Ben Key, 2011/04/26