[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fix security problem in lilypond-invoke-editor (issue 336240043 by a

From: dak
Subject: Re: Fix security problem in lilypond-invoke-editor (issue 336240043 by address@hidden)
Date: Fri, 24 Nov 2017 04:57:21 -0800
File scripts/lilypond-invoke-editor.scm (right):
#!/home/knut/sources/lilybuilt/share/lilypond/bin/guile -s
This line is not going to work.
scripts/lilypond-invoke-editor.scm:110: (define (run-editor uri)
I think editor.scm is used elsewhere so its basic API
(get-editor-command) should be made to work.

Instead of using system* I am currently attempting to port Emacs'
shell-quote-argument.  That is a less invasive change regarding the API
though I underestimated what a monstrous process quoting in Windows-like
systems is, starting with figuring out which quoting convention to use:
I wanted to put this up yesterday to avoid duplicate work but failed.
Sorry for that.

One thing is that I trust the Emacs developers to have done a pretty
thorough job.  Likely better than what Guile did with system* on

reply via email to

[Prev in Thread] Current Thread [Next in Thread]