emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emac

From: tomas
Subject: Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop
Date: Thu, 9 Mar 2023 09:20:51 +0100 
On Thu, Mar 09, 2023 at 09:19:53AM +0200, Eli Zaretskii wrote:
> > From: Po Lu <luangruo@yahoo.com>
> > Cc: Ulrich Mueller <ulm@gentoo.org>,  rpluim@gmail.com,  emacs-devel@gnu.org
> > Date: Thu, 09 Mar 2023 08:50:21 +0800
> > 
> > Eli Zaretskii <eliz@gnu.org> writes:
> > 
> > > I hope it is, but I thought this about Bash as well...
> > 
> > sed is be portable as long as you avoid alternation, separators in
> > patterns, empty parenthesized patterns, character classes, nested
> > parentheses, and some other pitfalls which don't immediately come to
> > mind.
> 
> I meant its being installed, not what it can portably accept.  If
> there are GNU systems out there without Bash (oh, horror!), then
> anything goes.
> 
> What next? GNU systems without Coreutils or Grep or Find?  Systems
> without GCC (or any compiler) are already widespread.  The end of the
> world must be near...

POSIX is a pretty respectable baseline one might want to target.
And guess what? Bash isn't the only POSIX shell.

Now a project like Emacs could just say "what do I care about
POSIX?". But that would be, IMHO, a disservice to free software.

Cheers
-- 
t

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]