bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#66390: `man' allows to inject arbitrary shell code

From: Max Nikulin
Subject: bug#66390: `man' allows to inject arbitrary shell code
Date: Sat, 7 Oct 2023 21:12:54 +0700
User-agent: Mozilla Thunderbird 
On 07/10/2023 20:04, Eli Zaretskii wrote:

From: Maxim Nikulin
Date: Sat, 7 Oct 2023 19:47:04 +0700



man.el should prevent substitution of shell specials literally from
`man' arguments into shell commands.


I think callers of 'man' should prevent that instead.
If it is fixed in man.el then it is fixed for all callers. Otherwise every caller must have notion of structure of references to man pages instead of just treating them as opaque sequence of characters.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]