0001-New-lispref-section-Security-Considerations.patchDescription: Text Data
|
| From: | Paul Eggert |
| Subject: | Re: [PATCH] Add shell-quasiquote. |
| Date: | Wed, 21 Oct 2015 20:35:45 -0700 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 |
On 10/20/2015 11:55 AM, Taylan Ulrich Bayırlı/Kammer wrote:
Paul Eggert<address@hidden> writes:>Taylan Ulrich Bayırlı/Kammer wrote:>>>I must have missed it then, because all I remember are the cases (1)>>> >of running /bin/if (which is trivial and is not a realistic example), >>> >and (2) of installations with nonstandard shells (a problem that >>> >shqq--quote-string does not fix). It has been a long thread; quite >>> >possibly I missed something.>>Yeah, you missed the part about risk of code injection.:-)> >Code injection occurs because of (2), right? So it's not a risk that >shqq--quote-string would put much of a dent in.Sorry, no, that's not the problem. So after four days of incredibly tiresome repetition, people still don't understand the basic issue.
That's right, we don't. At least, I don't, and your recent responses haven't clarified things for me. That being said, I guessed as to what you're driving at, and installed the attached patch into the Emacs master. Although the new documentation section is pretty sketchy, perhaps it can be fleshed out by people who have more time to worry about this sort of thing.
0001-New-lispref-section-Security-Considerations.patch
Description: Text Data
| [Prev in Thread] | Current Thread | [Next in Thread] |