[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] ob-maxima.el: Fix execution on MS Windows

From: Max Nikulin
Subject: Re: [PATCH] ob-maxima.el: Fix execution on MS Windows
Date: Thu, 30 Dec 2021 00:05:22 +0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0

On 27/12/2021 03:18, Nikolay Kudryavtsev wrote:

Ob-maxima currently does not work on Windows due to it using single quotes in the Maxima invocation and those not being supported by Windows CMD.

After some testing I've found an invocation that seems to work fine on both Windows and Linux. I don't think this patch can cause any real issue, since the string in those quotes is just the temp file path.

--- a/lisp/ob-maxima.el
+++ b/lisp/ob-maxima.el
@@ -77,7 +77,7 @@ This function is called by `org-babel-execute-src-block'."
         (let* ((cmdline (or (cdr (assq :cmdline params)) ""))
                (in-file (org-babel-temp-file "maxima-" ".max"))
-               (cmd (format "%s --very-quiet -r 'batchload(%S)$' %s"
+               (cmd (format "%s --very-quiet -r \"batchload(\\\"%S\\\")\"$ %s"
                             org-babel-maxima-command in-file cmdline)))

I do not like original variant, but suggested change makes it unsafe in more cases. `in-file' might contain apostrophe in the case of peculiar path of the directory for temporary files. More characters may be interpreted by BASH inside double quotes. Even docstring for `shell-quote-argument' mentions security issues with the function.

Ideally command arguments should be passed as a list to avoid intermediate interpretation by shell at all. Unfortunately gluing strings to make a shell command is used too widely in org code and emacs API encourages such unsafe way.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]