emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emac

From: Robert Pluim
Subject: Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop
Date: Wed, 08 Mar 2023 18:20:14 +0100 
>>>>> On Wed, 8 Mar 2023 09:03:30 -0800, Jim Porter <jporterbugs@gmail.com> 
>>>>> said:

    Jim> On 3/8/2023 6:17 AM, Eli Zaretskii wrote:
    >>> From: Robert Pluim <rpluim@gmail.com>
    >>> Cc: Po Lu <luangruo@yahoo.com>,  emacs-devel@gnu.org
    >>> Date: Wed, 08 Mar 2023 12:47:19 +0100
    >>> 
    >>> We can then add `--funcall' to emacs-30, and revisit this there.
    >> Fair warning: I will object to adding --funcall just for this niche
    >> problem.  We didn't reach an agreement about --funcall at the time,
    >> and for good reasons; this particular use case does absolutely nothing
    >> to change the outcome of that discussion.

    Jim> In bug#57752, we'd discussed adding --apply to emacs and emacsclient,
    Jim> which might work better for this case, as well as to make other
    Jim> similar cases easier: Org mode uses some pretty extensive hacks in
    Jim> order to get org-protocol:// URLs working in emacsclient, and
    Jim> eliminating that would be very nice.

Thanks for the reference. Iʼve re-read the report, and the
sort-of-consensus was that we needed '--apply' and a `set-arg'
function.  Eli, would that be acceptable? (my patch called `apply'
anyway, so itʼs not too big a change :-) )

Robert
--
reply via email to
[Prev in Thread] Current Thread [Next in Thread]