emacs-devel

Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emac


From: Jim Porter
Subject: Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop
Date: Wed, 8 Mar 2023 10:54:08 -0800

On 3/8/2023 9:20 AM, Robert Pluim wrote:
> On Wed, 8 Mar 2023 09:03:30 -0800, Jim Porter <jporterbugs@gmail.com> said:
>     Jim> In bug#57752, we'd discussed adding --apply to emacs and emacsclient,
>     Jim> which might work better for this case, as well as to make other
>     Jim> similar cases easier: Org mode uses some pretty extensive hacks in
>     Jim> order to get org-protocol:// URLs working in emacsclient, and
>     Jim> eliminating that would be very nice.
>
> Thanks for the reference. Iʼve re-read the report, and the
> sort-of-consensus was that we needed '--apply' and a `set-arg'
> function.  Eli, would that be acceptable? (my patch called `apply'
> anyway, so itʼs not too big a change :-) )

'set-arg' is probably simple enough that we could expect users to write it themselves. '--apply' is a bit tricky (for emacsclient at least), since we'd need to properly escape strings. I guess the complexity of doing this would depend on how we did the escaping though.

For reference for this thread, the conclusion we came to in bug#57752 was an interface like this:

  emacs --apply func1 arg1 arg2 -- --apply func2 arg3 arg4

(Ditto for emacsclient.)

----------------------------------------

For Org mode, the problem is that it wants to support "org-protocol": this is a special URL protocol that lets you capture bits of text (or whatever, really) into an Org file[1]. In order to avoid the escaping issues mentioned in this thread, Org has to jump through a lot of hoops, advising several functions in server.el (see org-protocol.el and this thread[2]). Note: This also uses .desktop files on systems using XDG (sorry, Eli), but that's just how you register URL protocols on those systems; not much we can do about that.

That said, the '--apply' argument would (debatably) be useful in other places too: for example, if I wanted a shell command to open a link in EWW, I could define an alias like:

  alias eww="emacs --apply eww"
  # or
  alias eww="emacsclient --apply eww"

Or you could use it with 'view-file' to make an alias to open a file in Emacs just for viewing. (And you could do similar things any time you want to pass an arbitrary string to Emacs from a script.)

Currently, you can do all this with the main emacs binary by writing your own function that calls '(pop command-line-args-left)' (see 'message-mailto'), but as the commit from this thread suggests, that's not possible with emacsclient currently. It also means that even for the main emacs binary, you need to specially-write your function to use 'command-line-args-left' instead of being able to call existing functions directly.

[1] https://orgmode.org/worg/org-contrib/org-protocol.html

[2] https://lists.gnu.org/archive/html/emacs-orgmode/2022-02/msg00056.html
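
The escaping problem the message refers to, as an added example that is not part of the original post and is not code from Emacs or Org: it compares pasting an externally supplied URL into an Elisp form for `--eval` with escaping it as an Elisp string literal first. The form shape `(message-mailto "...")`, the helper names and the sample URL are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not Emacs project code. All helper names are hypothetical.

# Weak pattern: the URL is pasted between the quotes of an Elisp string.
# Any '"' or '\' in the URL changes where the Lisp reader ends the string.
naive_form() {
    printf '(message-mailto "%s")' "$1"
}

# Escape the two characters that are special inside an Elisp string literal,
# backslash and double quote, so the value stays one string.
elisp_string() {
    printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

# Hardened pattern: same form, but the URL is escaped before interpolation.
safe_form() {
    printf '(message-mailto "%s")' "$(elisp_string "$1")"
}

# Review check: count the double quotes the Lisp reader would treat as string
# delimiters (backslash-escaped characters are dropped before counting).
# A form with exactly one string argument must have exactly 2.
unescaped_quotes() {
    printf '%s' "$1" | sed 's/\\.//g' | tr -cd '"' | wc -c | tr -d ' '
}

# Constructed sample input: a mailto URL containing quotes and a backslash.
sample='mailto:a@example.org?subject=say "hi" \ bye'

for builder in naive_form safe_form; do
    form=$($builder "$sample")
    printf '%-10s delimiters=%s  %s\n' \
        "$builder" "$(unescaped_quotes "$form")" "$form"
done
```

With an argument-passing interface such as the `--apply` proposal described above, the URL would travel as its own argv entry and no escaping step of this kind would be needed on the caller's side.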


