[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emac
From: |
Po Lu |
Subject: |
Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop |
Date: |
Wed, 08 Mar 2023 10:24:36 +0800 |
User-agent: |
Gnus/5.13 (Gnus v5.13) |
Ulrich Mueller <ulm@gentoo.org> writes:
> Then the desktop file won't work, obviously. The problem is that
> ${PARAMETER//PATTERN/STRING} substitution is not available in POSIX
> parameter expansion. So with POSIX sh, an external program (e.g. sed)
> would have to be called.
>
> The long term solution (suggested by Stefan Monnier) might be to add
> a --funcall option to emacsclient. Then there would be no need for a
> shell wrapper, in the first place.
>
> Should the Makefile skip installation of emacsclient-mail.desktop
> when bash isn't available on the system?
Could we install this change not on emacs-29, but on master?
I don't think the problem it solves is severe, nor a regression from
Emacs 28. It is rather a minor nusiance with certain URLs.
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Po Lu, 2023/03/07
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Ulrich Mueller, 2023/03/07
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop,
Po Lu <=
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Ulrich Mueller, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Po Lu, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Ulrich Mueller, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Po Lu, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Ulrich Mueller, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Robert Pluim, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Ulrich Mueller, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Ulrich Mueller, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Robert Pluim, 2023/03/08
- Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, Eli Zaretskii, 2023/03/08