[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emac
From: |
Robert Pluim |
Subject: |
Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop |
Date: |
Wed, 08 Mar 2023 18:20:14 +0100 |
>>>>> On Wed, 8 Mar 2023 09:03:30 -0800, Jim Porter <jporterbugs@gmail.com>
>>>>> said:
Jim> On 3/8/2023 6:17 AM, Eli Zaretskii wrote:
>>> From: Robert Pluim <rpluim@gmail.com>
>>> Cc: Po Lu <luangruo@yahoo.com>, emacs-devel@gnu.org
>>> Date: Wed, 08 Mar 2023 12:47:19 +0100
>>>
>>> We can then add `--funcall' to emacs-30, and revisit this there.
>> Fair warning: I will object to adding --funcall just for this niche
>> problem. We didn't reach an agreement about --funcall at the time,
>> and for good reasons; this particular use case does absolutely nothing
>> to change the outcome of that discussion.
Jim> In bug#57752, we'd discussed adding --apply to emacs and emacsclient,
Jim> which might work better for this case, as well as to make other
Jim> similar cases easier: Org mode uses some pretty extensive hacks in
Jim> order to get org-protocol:// URLs working in emacsclient, and
Jim> eliminating that would be very nice.
Thanks for the reference. Iʼve re-read the report, and the
sort-of-consensus was that we needed '--apply' and a `set-arg'
function. Eli, would that be acceptable? (my patch called `apply'
anyway, so itʼs not too big a change :-) )
Robert
--
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, (continued)
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Ulrich Mueller, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Po Lu, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Ulrich Mueller, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Robert Pluim, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Ulrich Mueller, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Ulrich Mueller, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Robert Pluim, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Eli Zaretskii, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Robert Pluim, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Jim Porter, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop,
Robert Pluim <=
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Eli Zaretskii, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Jim Porter, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Robert Pluim, 2023/03/09
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Po Lu, 2023/03/09
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Robert Pluim, 2023/03/09
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Jim Porter, 2023/03/09
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Po Lu, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Eli Zaretskii, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Po Lu, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Eli Zaretskii, 2023/03/09