From debbugs-submit-bounces@debbugs.gnu.org Thu Dec 11 13:44:19 2014
Received: (at submit) by debbugs.gnu.org; 11 Dec 2014 18:44:19 +0000
Received: from localhost ([127.0.0.1]:43077 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1Xz8in-0002tf-F3
	for submit@debbugs.gnu.org; Thu, 11 Dec 2014 13:44:18 -0500
Received: from eggs.gnu.org ([208.118.235.92]:36146)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <demetriobenour@gmail.com>) id 1Xz8ik-0002tQ-Jg
 for submit@debbugs.gnu.org; Thu, 11 Dec 2014 13:44:16 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <demetriobenour@gmail.com>) id 1Xz8ia-0006BL-0D
 for submit@debbugs.gnu.org; Thu, 11 Dec 2014 13:44:09 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM,
 T_DKIM_INVALID autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:36821)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <demetriobenour@gmail.com>) id 1Xz8iZ-0006BH-Tp
 for submit@debbugs.gnu.org; Thu, 11 Dec 2014 13:44:03 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:37768)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <demetriobenour@gmail.com>) id 1Xz8iU-0003LC-Cw
 for bug-gnu-emacs@gnu.org; Thu, 11 Dec 2014 13:44:03 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <demetriobenour@gmail.com>) id 1Xz8iO-000651-QO
 for bug-gnu-emacs@gnu.org; Thu, 11 Dec 2014 13:43:58 -0500
Received: from mail-yh0-x22b.google.com ([2607:f8b0:4002:c01::22b]:42473)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <demetriobenour@gmail.com>) id 1Xz8iO-00064Q-Kn
 for bug-gnu-emacs@gnu.org; Thu, 11 Dec 2014 13:43:52 -0500
Received: by mail-yh0-f43.google.com with SMTP id z6so2556554yhz.2
 for <bug-gnu-emacs@gnu.org>; Thu, 11 Dec 2014 10:43:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=from:to:subject:date:message-id:mime-version:content-type;
 bh=QwY0W5wDdL/fXxaT5EXH43w2fMo1bwcYvm/4peU3uZ0=;
 b=0PB9Zk7elF9icUkyjsAR2TYPn5MULRz7v3CiVrb6PPmiirovT+d8N/wVDRp+YhyOqb
 wxled9IzgXGOZyQ6mhDbLUlliw11Jkhib3lQ6miFVIS03hQjWUxclsQ2IawV+ic31p61
 I7QfjoChmHAu4EeMDMQzVgNVqmPXSNQcsTtmEEs78e9pOFAeo2MgJVqRZXiuIR68+4Z4
 s0OXLTS9zCSqPbbEnlh9IgmI78KoEJRQpIFJsjaKep5U1QZUsvvzkiE4cbiV/YKd6XUQ
 xjFUMjfqdsfPJ0xeP0Iipz/uiSc0AbR0MPk2kcRR35/OKCAaYKSOh2cAMFymB9DPMxqz
 qeQg==
X-Received: by 10.170.118.199 with SMTP id k190mr9588318ykb.128.1418323431693; 
 Thu, 11 Dec 2014 10:43:51 -0800 (PST)
Received: from localhost.localdomain (dobenourlinux.nomads.utk.edu.
 [216.96.216.191])
 by mx.google.com with ESMTPSA id f37sm1014020yhq.38.2014.12.11.10.43.50
 for <bug-gnu-emacs@gnu.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Thu, 11 Dec 2014 10:43:51 -0800 (PST)
From: Demetrios Obenour <demetriobenour@gmail.com>
To: bug-gnu-emacs@gnu.org
Subject: 24.4; Incorrect quoting of %-signs for Windows command shell
Date: Thu, 11 Dec 2014 13:43:50 -0500
Message-ID: <877fxyt4bd.fsf@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
 (bad octet value).
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
 (bad octet value).
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -4.0 (----)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -4.0 (----)


Looking at the code in subr.el, it is clear that Emacs mishandles
%-signs when escaping for the Windows command interpreter.

The Windows command interpreter looks at %-signs before looking at
carets. While the present method of escaping may appear to work, this is
only because environment variables with carets in their names are very
unlikely.

A method of handling % that I believe to be fully
robust is to follow (not precede) each series of % characters with
%CD:~,0%. This is an expansion that always expands to the empty
string. It will work provided that:

* Command Extensions are enabled.

* It is not possible for cmd.exe to interpret an environment variable
  whose name is the empty string.

Emacs is not the only program to have such a bug. The D programming
language has such a bug also, in its standard library (In fact, I
discovered the solution while looking for a fix to the bug).

I deleted the lossage from the report, as there is no point in including
it, this being a logic error in subr.el. In fact, the buggy code is dead
on my machine (I run Linux) -- I happened to know about the problem on
Windows.

Sincerely,

Demetrios Obenour



In GNU Emacs 24.4.1 (x86_64-redhat-linux-gnu, GTK+ Version 3.14.5)
 of 2014-11-19 on buildvm-03.phx2.fedoraproject.org
Windowing system distributor `Fedora Project', version 11.0.11602000
System Description:	Fedora release 21 (Twenty One)

Configured using:
 `configure --build=x86_64-redhat-linux-gnu
 --host=x86_64-redhat-linux-gnu --program-prefix=
 --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr
 --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc
 --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64
 --libexecdir=/usr/libexec --localstatedir=/var
 --sharedstatedir=/var/lib --mandir=/usr/share/man
 --infodir=/usr/share/info --with-dbus --with-gif --with-jpeg --with-png
 --with-rsvg --with-tiff --with-xft --with-xpm --with-x-toolkit=gtk3
 --with-gpm=no build_alias=x86_64-redhat-linux-gnu
 host_alias=x86_64-redhat-linux-gnu 'CFLAGS=-DMAIL_USE_LOCKF -O2 -g
 -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
 -grecord-gcc-switches -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ''

Important settings:
  value of $LANG: en_US.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix

Major mode: Emacs-Lisp

Minor modes in effect:
  display-time-mode: t
  display-battery-mode: t
  global-semanticdb-minor-mode: t
  global-semantic-idle-scheduler-mode: t
  show-paren-mode: t
  semantic-mode: t
  tooltip-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  column-number-mode: t
  line-number-mode: t
  global-visual-line-mode: t
  visual-line-mode: t
  transient-mark-mode: t

Recent messages:

uncompressing subr.el.gz...done
Note: file is write protected
Auto-saving...done
 [3 times]
<mode-line> <mouse-5> is undefined [2 times]
byte-code: End of buffer

Auto-saving...done


Load-path shadows:
/home/demetri/.emacs.d/elpa/sml-mode-6.5/sml-mode hides ~/.emacs.d/lisp/sml-mode
~/repos/mlton/mlton/ide/emacs/loaddefs hides ~/.emacs.d/lisp/loaddefs
~/haskell-mode/haskell-doc hides /usr/share/emacs/site-lisp/haskell-mode/haskell-doc
~/haskell-mode/haskell-checkers hides /usr/share/emacs/site-lisp/haskell-mode/haskell-checkers
~/haskell-mode/haskell-indentation hides /usr/share/emacs/site-lisp/haskell-mode/haskell-indentation
~/haskell-mode/haskell-navigate-imports hides /usr/share/emacs/site-lisp/haskell-mode/haskell-navigate-imports
~/haskell-mode/ghc-core hides /usr/share/emacs/site-lisp/haskell-mode/ghc-core
~/haskell-mode/haskell-show hides /usr/share/emacs/site-lisp/haskell-mode/haskell-show
~/haskell-mode/haskell-c hides /usr/share/emacs/site-lisp/haskell-mode/haskell-c
~/haskell-mode/haskell-package hides /usr/share/emacs/site-lisp/haskell-mode/haskell-package
~/haskell-mode/haskell-align-imports hides /usr/share/emacs/site-lisp/haskell-mode/haskell-align-imports
~/haskell-mode/haskell-process hides /usr/share/emacs/site-lisp/haskell-mode/haskell-process
~/haskell-mode/haskell-simple-indent hides /usr/share/emacs/site-lisp/haskell-mode/haskell-simple-indent
~/haskell-mode/haskell-move-nested hides /usr/share/emacs/site-lisp/haskell-mode/haskell-move-nested
~/haskell-mode/haskell-font-lock hides /usr/share/emacs/site-lisp/haskell-mode/haskell-font-lock
~/haskell-mode/inf-haskell hides /usr/share/emacs/site-lisp/haskell-mode/inf-haskell
~/haskell-mode/haskell-sort-imports hides /usr/share/emacs/site-lisp/haskell-mode/haskell-sort-imports
~/haskell-mode/haskell-string hides /usr/share/emacs/site-lisp/haskell-mode/haskell-string
~/haskell-mode/haskell-mode hides /usr/share/emacs/site-lisp/haskell-mode/haskell-mode
~/haskell-mode/haskell-interactive-mode hides /usr/share/emacs/site-lisp/haskell-mode/haskell-interactive-mode
~/haskell-mode/haskell-session hides /usr/share/emacs/site-lisp/haskell-mode/haskell-session
~/haskell-mode/haskell-indent hides /usr/share/emacs/site-lisp/haskell-mode/haskell-indent
~/haskell-mode/haskell-decl-scan hides /usr/share/emacs/site-lisp/haskell-mode/haskell-decl-scan
~/haskell-mode/haskell-cabal hides /usr/share/emacs/site-lisp/haskell-mode/haskell-cabal
~/repos/mlton/mlton/ide/emacs/loaddefs hides /usr/share/emacs/24.4/lisp/loaddefs
~/.emacs.d/lisp/term hides /usr/share/emacs/24.4/lisp/term
/home/demetri/.emacs.d/elpa/ada-mode-5.1.6/ada-mode hides /usr/share/emacs/24.4/lisp/progmodes/ada-mode
/home/demetri/.emacs.d/elpa/org-20140929/ob-fortran hides /usr/share/emacs/24.4/lisp/org/ob-fortran
/home/demetri/.emacs.d/elpa/org-20140929/ox hides /usr/share/emacs/24.4/lisp/org/ox
/home/demetri/.emacs.d/elpa/org-20140929/org-inlinetask hides /usr/share/emacs/24.4/lisp/org/org-inlinetask
/home/demetri/.emacs.d/elpa/org-20140929/org-colview hides /usr/share/emacs/24.4/lisp/org/org-colview
/home/demetri/.emacs.d/elpa/org-20140929/ob-dot hides /usr/share/emacs/24.4/lisp/org/ob-dot
/home/demetri/.emacs.d/elpa/org-20140929/org-clock hides /usr/share/emacs/24.4/lisp/org/org-clock
/home/demetri/.emacs.d/elpa/org-20140929/ox-publish hides /usr/share/emacs/24.4/lisp/org/ox-publish
/home/demetri/.emacs.d/elpa/org-20140929/ob-lob hides /usr/share/emacs/24.4/lisp/org/ob-lob
/home/demetri/.emacs.d/elpa/org-20140929/org-table hides /usr/share/emacs/24.4/lisp/org/org-table
/home/demetri/.emacs.d/elpa/org-20140929/ob-clojure hides /usr/share/emacs/24.4/lisp/org/ob-clojure
/home/demetri/.emacs.d/elpa/org-20140929/org-footnote hides /usr/share/emacs/24.4/lisp/org/org-footnote
/home/demetri/.emacs.d/elpa/org-20140929/ob-js hides /usr/share/emacs/24.4/lisp/org/ob-js
/home/demetri/.emacs.d/elpa/org-20140929/ox-texinfo hides /usr/share/emacs/24.4/lisp/org/ox-texinfo
/home/demetri/.emacs.d/elpa/org-20140929/ob-shen hides /usr/share/emacs/24.4/lisp/org/ob-shen
/home/demetri/.emacs.d/elpa/org-20140929/org-archive hides /usr/share/emacs/24.4/lisp/org/org-archive
/home/demetri/.emacs.d/elpa/org-20140929/org-loaddefs hides /usr/share/emacs/24.4/lisp/org/org-loaddefs
/home/demetri/.emacs.d/elpa/org-20140929/org-macs hides /usr/share/emacs/24.4/lisp/org/org-macs
/home/demetri/.emacs.d/elpa/org-20140929/ob-ruby hides /usr/share/emacs/24.4/lisp/org/ob-ruby
/home/demetri/.emacs.d/elpa/org-20140929/ob-tangle hides /usr/share/emacs/24.4/lisp/org/ob-tangle
/home/demetri/.emacs.d/elpa/org-20140929/ob-lisp hides /usr/share/emacs/24.4/lisp/org/ob-lisp
/home/demetri/.emacs.d/elpa/org-20140929/ob-mscgen hides /usr/share/emacs/24.4/lisp/org/ob-mscgen
/home/demetri/.emacs.d/elpa/org-20140929/ob-ref hides /usr/share/emacs/24.4/lisp/org/ob-ref
/home/demetri/.emacs.d/elpa/org-20140929/ob-sh hides /usr/share/emacs/24.4/lisp/org/ob-sh
/home/demetri/.emacs.d/elpa/org-20140929/org-entities hides /usr/share/emacs/24.4/lisp/org/org-entities
/home/demetri/.emacs.d/elpa/org-20140929/ob-ocaml hides /usr/share/emacs/24.4/lisp/org/ob-ocaml
/home/demetri/.emacs.d/elpa/org-20140929/org-list hides /usr/share/emacs/24.4/lisp/org/org-list
/home/demetri/.emacs.d/elpa/org-20140929/org-eshell hides /usr/share/emacs/24.4/lisp/org/org-eshell
/home/demetri/.emacs.d/elpa/org-20140929/ob-awk hides /usr/share/emacs/24.4/lisp/org/ob-awk
/home/demetri/.emacs.d/elpa/org-20140929/ob hides /usr/share/emacs/24.4/lisp/org/ob
/home/demetri/.emacs.d/elpa/org-20140929/ob-maxima hides /usr/share/emacs/24.4/lisp/org/ob-maxima
/home/demetri/.emacs.d/elpa/org-20140929/ob-python hides /usr/share/emacs/24.4/lisp/org/ob-python
/home/demetri/.emacs.d/elpa/org-20140929/org-element hides /usr/share/emacs/24.4/lisp/org/org-element
/home/demetri/.emacs.d/elpa/org-20140929/org-mobile hides /usr/share/emacs/24.4/lisp/org/org-mobile
/home/demetri/.emacs.d/elpa/org-20140929/org-bbdb hides /usr/share/emacs/24.4/lisp/org/org-bbdb
/home/demetri/.emacs.d/elpa/org-20140929/org-capture hides /usr/share/emacs/24.4/lisp/org/org-capture
/home/demetri/.emacs.d/elpa/org-20140929/ob-exp hides /usr/share/emacs/24.4/lisp/org/ob-exp
/home/demetri/.emacs.d/elpa/org-20140929/org-timer hides /usr/share/emacs/24.4/lisp/org/org-timer
/home/demetri/.emacs.d/elpa/org-20140929/org-id hides /usr/share/emacs/24.4/lisp/org/org-id
/home/demetri/.emacs.d/elpa/org-20140929/ob-lilypond hides /usr/share/emacs/24.4/lisp/org/ob-lilypond
/home/demetri/.emacs.d/elpa/org-20140929/ox-md hides /usr/share/emacs/24.4/lisp/org/ox-md
/home/demetri/.emacs.d/elpa/org-20140929/ox-odt hides /usr/share/emacs/24.4/lisp/org/ox-odt
/home/demetri/.emacs.d/elpa/org-20140929/ob-screen hides /usr/share/emacs/24.4/lisp/org/ob-screen
/home/demetri/.emacs.d/elpa/org-20140929/org hides /usr/share/emacs/24.4/lisp/org/org
/home/demetri/.emacs.d/elpa/org-20140929/ob-octave hides /usr/share/emacs/24.4/lisp/org/ob-octave
/home/demetri/.emacs.d/elpa/org-20140929/org-attach hides /usr/share/emacs/24.4/lisp/org/org-attach
/home/demetri/.emacs.d/elpa/org-20140929/ob-sqlite hides /usr/share/emacs/24.4/lisp/org/ob-sqlite
/home/demetri/.emacs.d/elpa/org-20140929/ox-html hides /usr/share/emacs/24.4/lisp/org/ox-html
/home/demetri/.emacs.d/elpa/org-20140929/org-irc hides /usr/share/emacs/24.4/lisp/org/org-irc
/home/demetri/.emacs.d/elpa/org-20140929/ob-gnuplot hides /usr/share/emacs/24.4/lisp/org/ob-gnuplot
/home/demetri/.emacs.d/elpa/org-20140929/org-mouse hides /usr/share/emacs/24.4/lisp/org/org-mouse
/home/demetri/.emacs.d/elpa/org-20140929/ox-org hides /usr/share/emacs/24.4/lisp/org/ox-org
/home/demetri/.emacs.d/elpa/org-20140929/ob-plantuml hides /usr/share/emacs/24.4/lisp/org/ob-plantuml
/home/demetri/.emacs.d/elpa/org-20140929/ob-io hides /usr/share/emacs/24.4/lisp/org/ob-io
/home/demetri/.emacs.d/elpa/org-20140929/ob-makefile hides /usr/share/emacs/24.4/lisp/org/ob-makefile
/home/demetri/.emacs.d/elpa/org-20140929/ob-sass hides /usr/share/emacs/24.4/lisp/org/ob-sass
/home/demetri/.emacs.d/elpa/org-20140929/ob-latex hides /usr/share/emacs/24.4/lisp/org/ob-latex
/home/demetri/.emacs.d/elpa/org-20140929/ob-comint hides /usr/share/emacs/24.4/lisp/org/ob-comint
/home/demetri/.emacs.d/elpa/org-20140929/ox-latex hides /usr/share/emacs/24.4/lisp/org/ox-latex
/home/demetri/.emacs.d/elpa/org-20140929/org-feed hides /usr/share/emacs/24.4/lisp/org/org-feed
/home/demetri/.emacs.d/elpa/org-20140929/org-version hides /usr/share/emacs/24.4/lisp/org/org-version
/home/demetri/.emacs.d/elpa/org-20140929/org-indent hides /usr/share/emacs/24.4/lisp/org/org-indent
/home/demetri/.emacs.d/elpa/org-20140929/ob-eval hides /usr/share/emacs/24.4/lisp/org/ob-eval
/home/demetri/.emacs.d/elpa/org-20140929/ob-matlab hides /usr/share/emacs/24.4/lisp/org/ob-matlab
/home/demetri/.emacs.d/elpa/org-20140929/org-gnus hides /usr/share/emacs/24.4/lisp/org/org-gnus
/home/demetri/.emacs.d/elpa/org-20140929/ob-org hides /usr/share/emacs/24.4/lisp/org/ob-org
/home/demetri/.emacs.d/elpa/org-20140929/ob-core hides /usr/share/emacs/24.4/lisp/org/ob-core
/home/demetri/.emacs.d/elpa/org-20140929/ob-sql hides /usr/share/emacs/24.4/lisp/org/ob-sql
/home/demetri/.emacs.d/elpa/org-20140929/org-plot hides /usr/share/emacs/24.4/lisp/org/org-plot
/home/demetri/.emacs.d/elpa/org-20140929/org-info hides /usr/share/emacs/24.4/lisp/org/org-info
/home/demetri/.emacs.d/elpa/org-20140929/org-pcomplete hides /usr/share/emacs/24.4/lisp/org/org-pcomplete
/home/demetri/.emacs.d/elpa/org-20140929/ob-emacs-lisp hides /usr/share/emacs/24.4/lisp/org/ob-emacs-lisp
/home/demetri/.emacs.d/elpa/org-20140929/org-crypt hides /usr/share/emacs/24.4/lisp/org/org-crypt
/home/demetri/.emacs.d/elpa/org-20140929/ox-icalendar hides /usr/share/emacs/24.4/lisp/org/ox-icalendar
/home/demetri/.emacs.d/elpa/org-20140929/org-w3m hides /usr/share/emacs/24.4/lisp/org/org-w3m
/home/demetri/.emacs.d/elpa/org-20140929/org-agenda hides /usr/share/emacs/24.4/lisp/org/org-agenda
/home/demetri/.emacs.d/elpa/org-20140929/org-faces hides /usr/share/emacs/24.4/lisp/org/org-faces
/home/demetri/.emacs.d/elpa/org-20140929/org-docview hides /usr/share/emacs/24.4/lisp/org/org-docview
/home/demetri/.emacs.d/elpa/org-20140929/ob-table hides /usr/share/emacs/24.4/lisp/org/ob-table
/home/demetri/.emacs.d/elpa/org-20140929/org-habit hides /usr/share/emacs/24.4/lisp/org/org-habit
/home/demetri/.emacs.d/elpa/org-20140929/ob-scheme hides /usr/share/emacs/24.4/lisp/org/ob-scheme
/home/demetri/.emacs.d/elpa/org-20140929/ob-ledger hides /usr/share/emacs/24.4/lisp/org/ob-ledger
/home/demetri/.emacs.d/elpa/org-20140929/org-rmail hides /usr/share/emacs/24.4/lisp/org/org-rmail
/home/demetri/.emacs.d/elpa/org-20140929/org-macro hides /usr/share/emacs/24.4/lisp/org/org-macro
/home/demetri/.emacs.d/elpa/org-20140929/org-protocol hides /usr/share/emacs/24.4/lisp/org/org-protocol
/home/demetri/.emacs.d/elpa/org-20140929/ob-calc hides /usr/share/emacs/24.4/lisp/org/ob-calc
/home/demetri/.emacs.d/elpa/org-20140929/ob-picolisp hides /usr/share/emacs/24.4/lisp/org/ob-picolisp
/home/demetri/.emacs.d/elpa/org-20140929/org-datetree hides /usr/share/emacs/24.4/lisp/org/org-datetree
/home/demetri/.emacs.d/elpa/org-20140929/ob-R hides /usr/share/emacs/24.4/lisp/org/ob-R
/home/demetri/.emacs.d/elpa/org-20140929/ob-C hides /usr/share/emacs/24.4/lisp/org/ob-C
/home/demetri/.emacs.d/elpa/org-20140929/ox-ascii hides /usr/share/emacs/24.4/lisp/org/ox-ascii
/home/demetri/.emacs.d/elpa/org-20140929/ob-java hides /usr/share/emacs/24.4/lisp/org/ob-java
/home/demetri/.emacs.d/elpa/org-20140929/ob-keys hides /usr/share/emacs/24.4/lisp/org/ob-keys
/home/demetri/.emacs.d/elpa/org-20140929/ob-perl hides /usr/share/emacs/24.4/lisp/org/ob-perl
/home/demetri/.emacs.d/elpa/org-20140929/ox-man hides /usr/share/emacs/24.4/lisp/org/ox-man
/home/demetri/.emacs.d/elpa/org-20140929/org-mhe hides /usr/share/emacs/24.4/lisp/org/org-mhe
/home/demetri/.emacs.d/elpa/org-20140929/org-ctags hides /usr/share/emacs/24.4/lisp/org/org-ctags
/home/demetri/.emacs.d/elpa/org-20140929/org-compat hides /usr/share/emacs/24.4/lisp/org/org-compat
/home/demetri/.emacs.d/elpa/org-20140929/ob-haskell hides /usr/share/emacs/24.4/lisp/org/ob-haskell
/home/demetri/.emacs.d/elpa/org-20140929/org-bibtex hides /usr/share/emacs/24.4/lisp/org/org-bibtex
/home/demetri/.emacs.d/elpa/org-20140929/ob-asymptote hides /usr/share/emacs/24.4/lisp/org/ob-asymptote
/home/demetri/.emacs.d/elpa/org-20140929/ob-scala hides /usr/share/emacs/24.4/lisp/org/ob-scala
/home/demetri/.emacs.d/elpa/org-20140929/ob-ditaa hides /usr/share/emacs/24.4/lisp/org/ob-ditaa
/home/demetri/.emacs.d/elpa/org-20140929/ox-beamer hides /usr/share/emacs/24.4/lisp/org/ox-beamer
/home/demetri/.emacs.d/elpa/org-20140929/ob-css hides /usr/share/emacs/24.4/lisp/org/ob-css
/home/demetri/.emacs.d/elpa/org-20140929/org-install hides /usr/share/emacs/24.4/lisp/org/org-install
/home/demetri/.emacs.d/elpa/org-20140929/org-src hides /usr/share/emacs/24.4/lisp/org/org-src
~/.emacs.d/lisp/backquote hides /usr/share/emacs/24.4/lisp/emacs-lisp/backquote
~/.emacs.d/lisp/benchmark hides /usr/share/emacs/24.4/lisp/emacs-lisp/benchmark

Features:
(shadow sort mail-extr emacsbug message format-spec rfc822 mml mml-sec
mm-decode mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils
mailheader sendmail rfc2047 rfc2045 ietf-drums mail-utils jka-compr
eieio-opt speedbar sb-image dframe find-func help-mode ffap thingatpt
url-parse auth-source gnus-util mm-util mail-prsvr password-cache
url-vars ada-mode-autoloads adaptive-wrap-autoloads
adjust-parens-autoloads all-autoloads coffee-mode-autoloads
csv-mode-autoloads f90-interface-browser-autoloads js2-mode-autoloads
lex-autoloads nhexl-mode-autoloads info org-autoloads sml-mode-autoloads
vlf-autoloads wisi-autoloads package epg-config tls server
haskell-mode-autoloads edmacro kmacro cl-loaddefs cl-lib slime-autoloads
advice help-fns google-c-style ninja-mode derived time battery
semantic/db-mode semantic/db gv eieio-base semantic/idle semantic/format
ezimage semantic/tag-ls semantic/find semantic/ctxt saveplace paren
semantic/util-modes easymenu semantic/util semantic semantic/tag
semantic/lex semantic/fw eieio byte-opt bytecomp byte-compile cconv
eieio-core mode-local cedet cus-start cus-load vc vc-dispatcher
time-date tooltip electric uniquify ediff-hook vc-hooks lisp-float-type
mwheel x-win x-dnd tool-bar dnd fontset image regexp-opt fringe
tabulated-list newcomment lisp-mode prog-mode register page menu-bar
rfn-eshadow timer select scroll-bar mouse jit-lock font-lock syntax
facemenu font-core frame cham georgian utf-8-lang misc-lang vietnamese
tibetan thai tai-viet lao korean japanese hebrew greek romanian slovak
czech european ethiopic indian cyrillic chinese case-table epa-hook
jka-cmpr-hook help simple abbrev minibuffer nadvice loaddefs button
faces cus-face macroexp files text-properties overlay sha1 md5 base64
format env code-pages mule custom widget hashtable-print-readable
backquote make-network-process dbusbind gfilenotify dynamic-setting
system-font-setting font-render-setting move-toolbar gtk x-toolkit x
multi-tty emacs)

Memory information:
((conses 16 131086 10758)
 (symbols 48 24584 0)
 (miscs 40 74 292)
 (strings 32 28561 5229)
 (string-bytes 1 900434)
 (vectors 16 15635)
 (vector-slots 8 449292 7938)
 (floats 8 84 523)
 (intervals 56 736 0)
 (buffers 960 14)
 (heap 1024 46826 991))




From debbugs-submit-bounces@debbugs.gnu.org Wed Aug 10 11:41:21 2016
Received: (at control) by debbugs.gnu.org; 10 Aug 2016 15:41:21 +0000
Received: from localhost ([127.0.0.1]:52451 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1bXVdB-00018U-6u
	for submit@debbugs.gnu.org; Wed, 10 Aug 2016 11:41:21 -0400
Received: from mail-oi0-f50.google.com ([209.85.218.50]:32806)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <npostavs@gmail.com>) id 1bXVd9-00018H-0k
 for control@debbugs.gnu.org; Wed, 10 Aug 2016 11:41:19 -0400
Received: by mail-oi0-f50.google.com with SMTP id c15so64499302oig.0
 for <control@debbugs.gnu.org>; Wed, 10 Aug 2016 08:41:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:sender:from:date:message-id:subject:to;
 bh=USTde2zfpEG3KcHl4f3CSzriKy35VKCqkX/qaROxXCw=;
 b=X5WyICQN9eJOPPtTY5afZamt7a8JevR9RgX9awh3hjOjn90VUDzMvTeDHwQYqY5sd4
 dulfWpKH+UvhdASn1LnBSj1Pj4Q0PDO/yk83UkECrw15vupGZJXqVfsFaB5PaSDwMxkQ
 Y6Wy6QIr7/j0LyZxDQVgVd+r034abtAk7B2Jc68yD+WLrlCV7SHz3CrQpSst1VOxrEaF
 QNVAAF2DWgzjsrmmBUAXfKc1hhaHJfE6zDrQMUxI34i6NyeaiR6LI2YRXaJOuPaYczQ9
 9wz79nlelxYNIaIVFPGImu8vvgZ99QBXxTiGmO5xCfNXKTiUGVAEGCizpvIrIFcArd/9
 jKGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:sender:from:date:message-id:subject
 :to; bh=USTde2zfpEG3KcHl4f3CSzriKy35VKCqkX/qaROxXCw=;
 b=XVJ9c8Lyk0qinTeZ6jpQVWl+RnN1JhP7BgH1zHUWGAaBS45GuX9x1ptm7xtz+Qc8hp
 nguOH6D2V3I74fWfF2BrYDD1DIFLxBPY7+HiZ8si/mHl5mm7dDXkm1Ha33q4G2gDhMdi
 mUmNxvlEBBo18AWUX4nFHe3ImenavoU5+7o3bdIuhIzzSkGa1KUfBvU9HFeKejuk1IMr
 vTYmVzKB03mDRumYAuw/Ul+WNg7TgfHMWKfqtP41vWsHiTRs5X5BNqrxymfiwLdr/xZq
 wM5HlXN5cIJkt2kfwHzyM7EYuzMGQ5j25bdNyDYj0KCavmRAQPD9TTe0BY29hqm8oEQy
 AEnw==
X-Gm-Message-State: AEkoout0OeanqlcBg2M5ZtMsnMQHRfsiEsdJJ9hpaHvnUIMSthDMw1Yh78KjXYFtsjwQG/e4ft9zzDBIaKU59w==
X-Received: by 10.202.73.205 with SMTP id w196mr1933007oia.40.1470834036887;
 Wed, 10 Aug 2016 06:00:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.7.161 with HTTP; Wed, 10 Aug 2016 06:00:36 -0700 (PDT)
From: Noam Postavsky <npostavs@users.sourceforge.net>
Date: Wed, 10 Aug 2016 09:00:36 -0400
X-Google-Sender-Auth: p-tnlB2cEX9P1ctnKLWLHZLMmmo
Message-ID: <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
Subject: #19350 24.4; Incorrect quoting of %-signs for Windows command shell
To: Demetrios Obenour <demetriobenour@gmail.com>, 19350@debbugs.gnu.org
Content-Type: text/plain; charset=UTF-8
Bcc: control@debbugs.gnu.org
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

tag 19350 confirmed
severity 19350 minor
quit

> Looking at the code in subr.el, it is clear that Emacs mishandles
> %-signs when escaping for the Windows command interpreter.
[...]
>
> I deleted the lossage from the report, as there is no point in including
> it, this being a logic error in subr.el. In fact, the buggy code is dead
> on my machine (I run Linux) -- I happened to know about the problem on
> Windows.

Well, it would have been nice to mention which function you're talking
about, and give an example problematic string.  I guess it's
shell-quote-argument:

Evaluating

(let ((process-environment (cl-list* "ca^=with-caret"
                                     "ca=without-caret"
                                     process-environment)))
  (insert (shell-command-to-string
           (format "echo %s %s %s"
                   "%ca%"
                   (shell-quote-argument "%ca%")
                   "%%CD:~,0%ca%%CD:~,0%"))))
gives

without-caret "with-caret" %ca%

On the other hand, this is such an obscure corner case, I'm don't know
if it's even worth fixing.

> A method of handling % that I believe to be fully
> robust is to follow (not precede) each series of % characters with
> %CD:~,0%. This is an expansion that always expands to the empty
> string. It will work provided that:
>
> * Command Extensions are enabled.

I'm not sure if Emacs can assume this.

>
> * It is not possible for cmd.exe to interpret an environment variable
>   whose name is the empty string.

I found that adding "=emptyvar" to process-environment caused
"Spawning child process: exec format error", so I guess this
assumption is safe.




From debbugs-submit-bounces@debbugs.gnu.org Wed Aug 10 12:12:08 2016
Received: (at 19350) by debbugs.gnu.org; 10 Aug 2016 16:12:08 +0000
Received: from localhost ([127.0.0.1]:52490 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1bXW6x-0003YR-TZ
	for submit@debbugs.gnu.org; Wed, 10 Aug 2016 12:12:08 -0400
Received: from eggs.gnu.org ([208.118.235.92]:36564)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@gnu.org>) id 1bXW6w-0003Xv-Dz
 for 19350@debbugs.gnu.org; Wed, 10 Aug 2016 12:12:06 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <eliz@gnu.org>) id 1bXW6o-0003TE-9I
 for 19350@debbugs.gnu.org; Wed, 10 Aug 2016 12:12:01 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:42626)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@gnu.org>)
 id 1bXW6o-0003T3-68; Wed, 10 Aug 2016 12:11:58 -0400
Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:4125
 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
 (Exim 4.82) (envelope-from <eliz@gnu.org>)
 id 1bXW6k-00040Y-7S; Wed, 10 Aug 2016 12:11:56 -0400
Date: Wed, 10 Aug 2016 19:11:29 +0300
Message-Id: <83y444fvta.fsf@gnu.org>
From: Eli Zaretskii <eliz@gnu.org>
To: Noam Postavsky <npostavs@users.sourceforge.net>
In-reply-to: <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
 (message from Noam Postavsky on Wed, 10 Aug 2016 09:00:36 -0400)
Subject: Re: bug#19350: #19350 24.4;
 Incorrect quoting of %-signs for Windows command shell
References: <877fxyt4bd.fsf@gmail.com>
 <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.5 (-----)
X-Debbugs-Envelope-To: 19350
Cc: 19350@debbugs.gnu.org, demetriobenour@gmail.com
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Reply-To: Eli Zaretskii <eliz@gnu.org>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.5 (-----)

> From: Noam Postavsky <npostavs@users.sourceforge.net>
> Date: Wed, 10 Aug 2016 09:00:36 -0400
> 
> On the other hand, this is such an obscure corner case, I'm don't know
> if it's even worth fixing.

I agree.

Thanks.




From debbugs-submit-bounces@debbugs.gnu.org Thu Aug 11 17:39:22 2016
Received: (at control) by debbugs.gnu.org; 11 Aug 2016 21:39:22 +0000
Received: from localhost ([127.0.0.1]:54441 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1bXxhC-0007at-Ib
	for submit@debbugs.gnu.org; Thu, 11 Aug 2016 17:39:22 -0400
Received: from mail-oi0-f43.google.com ([209.85.218.43]:34486)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <npostavs@gmail.com>) id 1bXxhB-0007af-Gr
 for control@debbugs.gnu.org; Thu, 11 Aug 2016 17:39:21 -0400
Received: by mail-oi0-f43.google.com with SMTP id l203so11907789oib.1
 for <control@debbugs.gnu.org>; Thu, 11 Aug 2016 14:39:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:sender:in-reply-to:references:from:date:message-id
 :subject:to; bh=/UJnpKoRQ7QYmLHEmmtPLKEE4k6sxBfXdYkaZj/kues=;
 b=YAPCV6FqvuFIhCbWreI08jmv3MSHWW0YIZ7Ub8lXhX65G+NiIRK/w9Bq7oUdTdFQi4
 0EAgX0R5RuYklo+PilVjO3EALDyv0IQBSTFum/xJJIKh3Ud64KVL4Ct0hAX2WLZRhhEm
 yzUoQt5kBkN/xBT5NW+tRkYb4AnYBQQRiaPfR0bWgRBldIrRFXlAkhC2ushykAQdok55
 /IG9d+Q0EQijraRfb9sY5o269wICj9Wona+xN7fbwrm/X9gxGT6AW3AljhDDFeQbDcMR
 uwYMrN8bCVhwjHRcfTSKVtX67KOKjReXv7UdeTkJM3SqkD6LcEzpPpI+oou1M1KpPJXT
 Gfmg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
 :date:message-id:subject:to;
 bh=/UJnpKoRQ7QYmLHEmmtPLKEE4k6sxBfXdYkaZj/kues=;
 b=BMNDE1qCHUvhV5Cbl9S00Iv3m41OfNZj1w3LZ7QtRjAcs9Bty74gAOnYHVKvPLIRzt
 0A2ItDleIWDAB235OPbDIogmHuihzgP9wWHg4/DXJp9mNPzmQJrMDXwV3XpOnIcDI6Qc
 WpJ2rnuksSkjUaMOIBV1nM5Mk96Tmwu08U/hZFQJn5uAAaUpjsJU/9Ts4CK6Worcn0mB
 iOt8iM6M5OUZLlitiEQ90OGD7Sc2WMXnU0GWtFePvHCIolZ2Psu4oRdiHJYyetTUjo6d
 58qRaGE318epvjmSxxuObwe2J9ZFelXnaOlIg65yMFsiybDGKHw8eTgd/32ZOfcg3Stk
 whfQ==
X-Gm-Message-State: AEkoousjQDDSmj/tSBnbWmxHnWyMYhEGL0VEZX3J+/wvvdVTIMBLB7Lb3E3StUqQJJDsedORVRFnJdvpywNXKw==
X-Received: by 10.202.169.13 with SMTP id s13mr5695906oie.35.1470951555663;
 Thu, 11 Aug 2016 14:39:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.7.161 with HTTP; Thu, 11 Aug 2016 14:39:15 -0700 (PDT)
In-Reply-To: <83y444fvta.fsf@gnu.org>
References: <877fxyt4bd.fsf@gmail.com>
 <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
 <83y444fvta.fsf@gnu.org>
From: Noam Postavsky <npostavs@users.sourceforge.net>
Date: Thu, 11 Aug 2016 17:39:15 -0400
X-Google-Sender-Auth: DZ27XTJPcruOxFEFtogFTGMYSbM
Message-ID: <CAM-tV-8QTJrk+gZO0JZo=mkWUOc4+771wYe5yKRGsO=6OYrm3g@mail.gmail.com>
Subject: Re: bug#19350: #19350 24.4; Incorrect quoting of %-signs for Windows
 command shell
To: GNU bug tracker automated control server <control@debbugs.gnu.org>
Content-Type: text/plain; charset=UTF-8
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

tag 19350 + wontfix
quit

On Wed, Aug 10, 2016 at 12:11 PM, Eli Zaretskii <eliz@gnu.org> wrote:
>> From: Noam Postavsky <npostavs@users.sourceforge.net>
>> Date: Wed, 10 Aug 2016 09:00:36 -0400
>>
>> On the other hand, this is such an obscure corner case, I'm don't know
>> if it's even worth fixing.
>
> I agree.
>
> Thanks.




From debbugs-submit-bounces@debbugs.gnu.org Thu Aug 11 19:41:03 2016
Received: (at 19350) by debbugs.gnu.org; 11 Aug 2016 23:41:03 +0000
Received: from localhost ([127.0.0.1]:54500 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1bXzaw-0003kQ-Oq
	for submit@debbugs.gnu.org; Thu, 11 Aug 2016 19:41:03 -0400
Received: from mail-ua0-f174.google.com ([209.85.217.174]:36161)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <demiobenour@gmail.com>) id 1bXz8g-00032x-ML
 for 19350@debbugs.gnu.org; Thu, 11 Aug 2016 19:11:51 -0400
Received: by mail-ua0-f174.google.com with SMTP id 97so17020935uav.3
 for <19350@debbugs.gnu.org>; Thu, 11 Aug 2016 16:11:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=2YHoAmi+Of3xTHJsXdhvTKvAa88llbPyweldWHEP9n8=;
 b=VaYHsxzQHiHcTOzsZfVo2+jE8CDd/3Hr6OiDt0prqq8Dc5EpH0KCBOQXtU7BCDfITW
 krRPIRppfwSkQPsNizM2thhXGqUTOIhDgRiDA0WdDJi1Z8JQCWhk2Z/0M+RUglruFZL8
 htaBqxgihnK0MFcC6ZnJfcu2cozaDFZC20K102je6q5YLJXDrGqmdA/Ev/zAExdCkOFV
 9srCDaq/Rsbz/ngTm1XSiRGNpZLP4ffX2tSq0HqUos3p0fCbU5JRtBUWXoRaXIMR4m7q
 we7JQZhnTwK/6WGYz/NcMqoPKTU2JSsJtkGCCQcFIwv3U2vo1D+BsopxDecxPd08QaTM
 jRzQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=2YHoAmi+Of3xTHJsXdhvTKvAa88llbPyweldWHEP9n8=;
 b=WPdWHb7icY5JB7qM9SHHZo+KTdm9dmYlQ1yEQAvl4pBpf53+V4fxbFZyiadW+d93qT
 KBkLQekwJDjk5bmq1ZmQSZ6onXL8nBOToNYosgw7X1MqObhogbL9VoeKhLZCjxg7bkMs
 DBH+DVo9oLWnc5S25uy5dGcQ3WUjfrLoQ5/wMGOrbfAU5D/k9encIRlERDCysn6DRFhm
 YmAXcii7r30XLjrMvM10OsD8d40ncbwf+MiaiflWCJeRAtbZdMZMSkeXcESDG0iAjojv
 DEOa+hSGlciaRqOocEZF0rtjzIGsxhp5yBXY82ATM9TjIrcJ4ZiCcWeiQIbCGCsQSBeP
 ILRA==
X-Gm-Message-State: AEkoouu05uArNDU40to1h8TvodjtoGReHvwz5i6AfWDQ6YPCKtGvmIFoMIOOZAmLYwbrtVomUapAg5pRI/WITw==
X-Received: by 10.31.107.89 with SMTP id g86mr5223370vkc.52.1470957105186;
 Thu, 11 Aug 2016 16:11:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.69.131 with HTTP; Thu, 11 Aug 2016 16:11:44 -0700 (PDT)
Received: by 10.176.69.131 with HTTP; Thu, 11 Aug 2016 16:11:44 -0700 (PDT)
In-Reply-To: <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
References: <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
From: Demi Obenour <demiobenour@gmail.com>
Date: Thu, 11 Aug 2016 19:11:44 -0400
Message-ID: <CAJEMUN_tJ1KcCdmN7kjR+2ms5K4pbP9DYQi7mKNU5K=7bBGvDw@mail.gmail.com>
Subject: Re: #19350 24.4;
 Incorrect quoting of %-signs for Windows command shell
To: Noam Postavsky <npostavs@users.sourceforge.net>
Content-Type: multipart/alternative; boundary=001a11478678bc0aa10539d3e30b
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 19350
X-Mailman-Approved-At: Thu, 11 Aug 2016 19:41:02 -0400
Cc: 19350@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

--001a11478678bc0aa10539d3e30b
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

I think that this needs to be fixed 100% =E2=80=94 it is a security issue.

Another option is to enable command extensions every time Emacs spawns a
shell.

On Aug 10, 2016 9:00 AM, "Noam Postavsky" <npostavs@users.sourceforge.net>
wrote:
>
> tag 19350 confirmed
> severity 19350 minor
> quit
>
> > Looking at the code in subr.el, it is clear that Emacs mishandles
> > %-signs when escaping for the Windows command interpreter.
> [...]
> >
> > I deleted the lossage from the report, as there is no point in includin=
g
> > it, this being a logic error in subr.el. In fact, the buggy code is dea=
d
> > on my machine (I run Linux) -- I happened to know about the problem on
> > Windows.
>
> Well, it would have been nice to mention which function you're talking
> about, and give an example problematic string.  I guess it's
> shell-quote-argument:
>
> Evaluating
>
> (let ((process-environment (cl-list* "ca^=3Dwith-caret"
>                                      "ca=3Dwithout-caret"
>                                      process-environment)))
>   (insert (shell-command-to-string
>            (format "echo %s %s %s"
>                    "%ca%"
>                    (shell-quote-argument "%ca%")
>                    "%%CD:~,0%ca%%CD:~,0%"))))
> gives
>
> without-caret "with-caret" %ca%
>
> On the other hand, this is such an obscure corner case, I'm don't know
> if it's even worth fixing.
>
> > A method of handling % that I believe to be fully
> > robust is to follow (not precede) each series of % characters with
> > %CD:~,0%. This is an expansion that always expands to the empty
> > string. It will work provided that:
> >
> > * Command Extensions are enabled.
>
> I'm not sure if Emacs can assume this.
>
> >
> > * It is not possible for cmd.exe to interpret an environment variable
> >   whose name is the empty string.
>
> I found that adding "=3Demptyvar" to process-environment caused
> "Spawning child process: exec format error", so I guess this
> assumption is safe.

--001a11478678bc0aa10539d3e30b
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p dir=3D"ltr">I think that this needs to be fixed 100% =E2=80=94 it is a s=
ecurity issue.</p>
<p dir=3D"ltr">Another option is to enable command extensions every time Em=
acs spawns a shell.</p>
<p dir=3D"ltr">On Aug 10, 2016 9:00 AM, &quot;Noam Postavsky&quot; &lt;<a h=
ref=3D"mailto:npostavs@users.sourceforge.net">npostavs@users.sourceforge.ne=
t</a>&gt; wrote:<br>
&gt;<br>
&gt; tag 19350 confirmed<br>
&gt; severity 19350 minor<br>
&gt; quit<br>
&gt;<br>
&gt; &gt; Looking at the code in subr.el, it is clear that Emacs mishandles=
<br>
&gt; &gt; %-signs when escaping for the Windows command interpreter.<br>
&gt; [...]<br>
&gt; &gt;<br>
&gt; &gt; I deleted the lossage from the report, as there is no point in in=
cluding<br>
&gt; &gt; it, this being a logic error in subr.el. In fact, the buggy code =
is dead<br>
&gt; &gt; on my machine (I run Linux) -- I happened to know about the probl=
em on<br>
&gt; &gt; Windows.<br>
&gt;<br>
&gt; Well, it would have been nice to mention which function you&#39;re tal=
king<br>
&gt; about, and give an example problematic string.=C2=A0 I guess it&#39;s<=
br>
&gt; shell-quote-argument:<br>
&gt;<br>
&gt; Evaluating<br>
&gt;<br>
&gt; (let ((process-environment (cl-list* &quot;ca^=3Dwith-caret&quot;<br>
&gt; =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0&quot;ca=3Dwi=
thout-caret&quot;<br>
&gt; =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0process-envir=
onment)))<br>
&gt; =C2=A0 (insert (shell-command-to-string<br>
&gt; =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0(format &quot;echo %s %s %s&q=
uot;<br>
&gt; =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0&=
quot;%ca%&quot;<br>
&gt; =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0(=
shell-quote-argument &quot;%ca%&quot;)<br>
&gt; =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0&=
quot;%%CD:~,0%ca%%CD:~,0%&quot;))))<br>
&gt; gives<br>
&gt;<br>
&gt; without-caret &quot;with-caret&quot; %ca%<br>
&gt;<br>
&gt; On the other hand, this is such an obscure corner case, I&#39;m don&#3=
9;t know<br>
&gt; if it&#39;s even worth fixing.<br>
&gt;<br>
&gt; &gt; A method of handling % that I believe to be fully<br>
&gt; &gt; robust is to follow (not precede) each series of % characters wit=
h<br>
&gt; &gt; %CD:~,0%. This is an expansion that always expands to the empty<b=
r>
&gt; &gt; string. It will work provided that:<br>
&gt; &gt;<br>
&gt; &gt; * Command Extensions are enabled.<br>
&gt;<br>
&gt; I&#39;m not sure if Emacs can assume this.<br>
&gt;<br>
&gt; &gt;<br>
&gt; &gt; * It is not possible for cmd.exe to interpret an environment vari=
able<br>
&gt; &gt;=C2=A0 =C2=A0whose name is the empty string.<br>
&gt;<br>
&gt; I found that adding &quot;=3Demptyvar&quot; to process-environment cau=
sed<br>
&gt; &quot;Spawning child process: exec format error&quot;, so I guess this=
<br>
&gt; assumption is safe.<br></p>

--001a11478678bc0aa10539d3e30b--




From debbugs-submit-bounces@debbugs.gnu.org Thu Aug 11 20:41:57 2016
Received: (at 19350) by debbugs.gnu.org; 12 Aug 2016 00:41:57 +0000
Received: from localhost ([127.0.0.1]:54529 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1bY0Xt-0005EG-CY
	for submit@debbugs.gnu.org; Thu, 11 Aug 2016 20:41:57 -0400
Received: from mail-io0-f181.google.com ([209.85.223.181]:35971)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <npostavs@gmail.com>) id 1bY0Xr-0005E0-CZ
 for 19350@debbugs.gnu.org; Thu, 11 Aug 2016 20:41:55 -0400
Received: by mail-io0-f181.google.com with SMTP id b62so11732270iod.3
 for <19350@debbugs.gnu.org>; Thu, 11 Aug 2016 17:41:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=sender:from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version:content-transfer-encoding;
 bh=G7Tt7icxnGib+8RwNw2FmrXGutLp1Ul2GxbzaCj7B6A=;
 b=Slvm1k4BXIJveTyMaP+InABMkEq/oeJnYgZAb9jiVj3x4SZCsY/0VAj0b5kzMKle8a
 OBgkLTKIxsjOWWR1E5U7IZ8GpcLe/Hk5UjpmL/tBzPGgvoFWQ2jmSEH6rUyzMGb9lwZM
 n2QrmSGBLNAD0oAfgEOt3GyczUhpK5vONcj+88BCADbpNFJ75MJLZZmfEEFGrQsPz75m
 ybeUKuyrQDYcIgNnDcKr+VZDmOlAufNUONj5cnwDKeUNwswkOp522gaOhfqNy0e/TRUN
 +gXeBs0WwRXvvIwvi1z4AXHn7LjHnyE36ZlRlQE3VCUypCjvIOAJa6MMUQwUjGUqVWJK
 NheA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:sender:from:to:cc:subject:references:date
 :in-reply-to:message-id:user-agent:mime-version
 :content-transfer-encoding;
 bh=G7Tt7icxnGib+8RwNw2FmrXGutLp1Ul2GxbzaCj7B6A=;
 b=NP4dvN27n4cAKe2plWeRPPcDTjxVjhV6fnG9e3Ckq0z4XV4It7ATDdMs/WsOYxikqG
 5Y+GPpfpSxsn0r3dbyxZuEgL0quGeS4VG8kuXuawf5ODh7ZxX9cFcN0ALO20FmvxI5gh
 EoIHEJo55L9ojURd6mlRePyPB6BBo1PW09dLMAGL+YLR5sG8FW3w0gm1FSsLILsR9bVX
 ZRl/VpeIUvv4Nlxpi/EUIcnaupJkvlynIKbxM8IvcM+nN23K1jW8WGT9qtnak1DdGwkA
 m6Mg3u6nAMhu1TmO6m+hp+vZ8Iv7Z2lp8ylyP+cRzuN9cixthL7fkXYwv7jMhCX/CEs4
 98kA==
X-Gm-Message-State: AEkoouuczikX07aHd4V2jPajySuX8QMrxa+54qotnrEMF4spQmBOelwjTUdzhElwUiDaHw==
X-Received: by 10.107.134.93 with SMTP id i90mr14921184iod.153.1470962509866; 
 Thu, 11 Aug 2016 17:41:49 -0700 (PDT)
Received: from zony (206-188-64-44.cpe.distributel.net. [206.188.64.44])
 by smtp.googlemail.com with ESMTPSA id o15sm53154ith.2.2016.08.11.17.41.48
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Thu, 11 Aug 2016 17:41:49 -0700 (PDT)
From: npostavs@users.sourceforge.net
To: Demi Obenour <demiobenour@gmail.com>
Subject: Re: bug#19350: #19350 24.4;
 Incorrect quoting of %-signs for Windows command shell
References: <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
 <CAJEMUN_tJ1KcCdmN7kjR+2ms5K4pbP9DYQi7mKNU5K=7bBGvDw@mail.gmail.com>
Date: Thu, 11 Aug 2016 20:41:57 -0400
In-Reply-To: <CAJEMUN_tJ1KcCdmN7kjR+2ms5K4pbP9DYQi7mKNU5K=7bBGvDw@mail.gmail.com> (Demi
 Obenour's message of "Thu, 11 Aug 2016 19:11:44 -0400")
Message-ID: <87k2fmyg16.fsf@users.sourceforge.net>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 19350
Cc: 19350@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

Demi Obenour <demiobenour@gmail.com> writes:

> I think that this needs to be fixed 100% =E2=80=94 it is a security issue.

Doesn't it require the attacker to already control Emacs' environment?




From debbugs-submit-bounces@debbugs.gnu.org Sun Aug 14 20:44:24 2016
Received: (at 19350) by debbugs.gnu.org; 15 Aug 2016 00:44:24 +0000
Received: from localhost ([127.0.0.1]:57680 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1bZ60u-0001AK-EV
	for submit@debbugs.gnu.org; Sun, 14 Aug 2016 20:44:24 -0400
Received: from mail-ua0-f170.google.com ([209.85.217.170]:35536)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <demiobenour@gmail.com>) id 1bZ60t-0001A7-Cs
 for 19350@debbugs.gnu.org; Sun, 14 Aug 2016 20:44:23 -0400
Received: by mail-ua0-f170.google.com with SMTP id n59so54490859uan.2
 for <19350@debbugs.gnu.org>; Sun, 14 Aug 2016 17:44:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=1eVfQnEk1Lio/bQWl2mMMH696foJMD4zs9xHHyFoO8Q=;
 b=EBwHsJaBMokQNJ0/SD2aTStF32ePgwTIUfQMq7434w3QZwcJeYatmcM7i34PwW9mLL
 btbgNngSWeFYbrxrZ1ZdXnkEwZc9zg0TpUpuNDYZVfR9ujUM7MQGH8Q0UlmlQfEAaAPa
 3rU9r3UJIbKIrbdvUwR2OBG4WkY0SbpmLh3TFIQY1+zTPOlqrsSmWcq2FCnHLYLjUvQr
 WjWCrAYqirvlPHRg4ADvsPysLpsHbWj9F9jcoxnnzlICWQCg1xmxBXZJylrVi2egCdva
 GK4ps32PiGfKojNtf8/YzTyFyfn+jelDdo/ficuTqQirFjQnhOvuiv5nfLd1sH2GDHK/
 a2Gg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=1eVfQnEk1Lio/bQWl2mMMH696foJMD4zs9xHHyFoO8Q=;
 b=F8b8fCp3zpJgZePJPROnmo6viJjpwEjG1u+uhQ6OJknnKLV034xUk+fincsYnsiFIX
 4gOLnlMOMcMD15R27G2Fb7/UaLyBAT97oZWUnV9yF7pSaqaSjZcDTA6qx+ZsrjrPTkza
 c1JG7C4IXR9rUvsWz2bLszwmIWvSBe3iAqamMygu9EE/2boU31thLbIxEgHzZYyGFndL
 PSMptSs4784P3q8tgtq91QJgRZVXMI0o99rpIlxcjWL73uxAhl3dw9MG9/ovZADFDMIT
 vg4UPmbNun4S+STCXoKRyWGqOpJO+5PvdjfZAiPaC9MJpP19bYOPjKKq9Wg1JyBioHFv
 fmdg==
X-Gm-Message-State: AEkooutXOJQwbtVrgNfRpLsTlrXZ18pybpVM/PrNNi3x6AboqHHawkjudixg23sTPRt5EKL2KKI174lz015GwA==
X-Received: by 10.31.200.198 with SMTP id y189mr11696503vkf.118.1471221857738; 
 Sun, 14 Aug 2016 17:44:17 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.69.131 with HTTP; Sun, 14 Aug 2016 17:44:17 -0700 (PDT)
Received: by 10.176.69.131 with HTTP; Sun, 14 Aug 2016 17:44:17 -0700 (PDT)
In-Reply-To: <CAJEMUN-HMMJu1FTDrKEmn_8nOaMhDeE8Te2JuE7jVdvuqLtbNQ@mail.gmail.com>
References: <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
 <CAJEMUN_tJ1KcCdmN7kjR+2ms5K4pbP9DYQi7mKNU5K=7bBGvDw@mail.gmail.com>
 <87k2fmyg16.fsf@users.sourceforge.net>
 <CAJEMUN_nkRgwCF7h03x=_jdHDLGqC+DBk0=3NNJhZTx5woW8gg@mail.gmail.com>
 <CAJEMUN-HMMJu1FTDrKEmn_8nOaMhDeE8Te2JuE7jVdvuqLtbNQ@mail.gmail.com>
From: Demi Obenour <demiobenour@gmail.com>
Date: Sun, 14 Aug 2016 20:44:17 -0400
Message-ID: <CAJEMUN8Yryixpat2OL2+9tiTbfARC2eK8uhvSKPC7bNG4w=0PA@mail.gmail.com>
Subject: Re: bug#19350: #19350 24.4; Incorrect quoting of %-signs for Windows
 command shell
To: Noam Postavsky <npostavs@users.sourceforge.net>
Content-Type: multipart/alternative; boundary=001a11488d8c37640e053a118810
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 19350
Cc: 19350@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

--001a11488d8c37640e053a118810
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

We don't know what this is being used for.  For all we know, someone has
written an Emacs plugin that passes a file with an attacker-controlled
basename (ex. downloaded from the Internet) and uses this function to
escape the filename before passing it to an external command, and in a
context where there are unbalanced double quotes (say) in a known env var.
Result: remote execution of arbitrary code.

On Aug 11, 2016 8:41 PM, <npostavs@users.sourceforge.net> wrote:

Demi Obenour <demiobenour@gmail.com> writes:

> I think that this needs to be fixed 100% =E2=80=94 it is a security issue=
.

Doesn't it require the attacker to already control Emacs' environment?

--001a11488d8c37640e053a118810
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p dir=3D"ltr">We don&#39;t know what this is being used for.=C2=A0 For all=
 we know, someone has written an Emacs plugin that passes a file with an at=
tacker-controlled basename (ex. downloaded from the Internet) and uses this=
 function to escape the filename before passing it to an external command, =
and in a context where there are unbalanced double quotes (say) in a known =
env var.=C2=A0 Result: remote execution of arbitrary code.</p>
<div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Aug 11, 2016 8=
:41 PM,  &lt;<a href=3D"mailto:npostavs@users.sourceforge.net">npostavs@use=
rs.sourceforge.net</a>&gt; wrote:<br type=3D"attribution"><blockquote class=
=3D"quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-le=
ft:1ex">Demi Obenour &lt;<a href=3D"mailto:demiobenour@gmail.com">demiobeno=
ur@gmail.com</a>&gt; writes:<br>
<br>
&gt; I think that this needs to be fixed 100% =E2=80=94 it is a security is=
sue.<br>
<br>
Doesn&#39;t it require the attacker to already control Emacs&#39; environme=
nt?<br>
</blockquote></div><br></div>

--001a11488d8c37640e053a118810--




From debbugs-submit-bounces@debbugs.gnu.org Sun Aug 14 23:13:41 2016
Received: (at 19350) by debbugs.gnu.org; 15 Aug 2016 03:13:41 +0000
Received: from localhost ([127.0.0.1]:57761 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1bZ8LN-0004gl-19
	for submit@debbugs.gnu.org; Sun, 14 Aug 2016 23:13:41 -0400
Received: from mail-io0-f174.google.com ([209.85.223.174]:32870)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <npostavs@gmail.com>) id 1bZ8LL-0004gZ-5o
 for 19350@debbugs.gnu.org; Sun, 14 Aug 2016 23:13:39 -0400
Received: by mail-io0-f174.google.com with SMTP id 38so70830160iol.0
 for <19350@debbugs.gnu.org>; Sun, 14 Aug 2016 20:13:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=sender:from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version;
 bh=PRjZeUDhs9a3uk6GgLu/CIz62BQEuGcGIWiWnz0rdTg=;
 b=ZLmUiLsPuWtWCA9y1ddwQFi5fH0TzrhrYlZTfzBXHImxLV4OLtByPaQpbPcB6oQ2Yu
 l83PR6rDWz/hvd6OqzoykBOj8qPQOgjWCKQa7YGjCfGsonRiShnZu4SazjoFylGSwSwk
 7Kd2qLrQ4Ex8xrcBUkbPH9FSBEYsommCYEOV/9qmXH3pNPS6Hu4uktjE6R7ifsLEQx08
 yC+eg7u8sy5duAzP8KeHPQxIcK9rkFwDZLF0H4jLXWQ+I4kKhWrHiDbLpe8YzJ/JnMb2
 t246bFnJmP6UW+nwGqHTCzXmF8NkihCCOpE9sm5rfeGGAIwPakVUtuxPDHOIoEGaOCvq
 6cjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:sender:from:to:cc:subject:references:date
 :in-reply-to:message-id:user-agent:mime-version;
 bh=PRjZeUDhs9a3uk6GgLu/CIz62BQEuGcGIWiWnz0rdTg=;
 b=W6hAEIdscEkpeZTWAiUvTTlL4XY+iI23eHPaQDPOEM5i7+3OVgA9FRBTc40euDpT4O
 ++Z5vqW42Uo43SgRjc8v4nkPwHx7vMZnIQLXVjWaKXJcAk7jwyedrxGN/HtWNmRZcpNO
 9CXhM24yNdcVBas79WtDdNApES0bpf8t+jKCLaW+KTSeCVqkW4qDMrPh5sEVfPXsN0tr
 XiJlEJXaJwCz5Ol0zF9qyYod+KCdv1HZe4vVBrkXSoMZ6u1wE4adhjpjE5g+ndbtap3X
 qHl+I0Sq/hw9P6BufPGiDRFBui/P29tLpxNJGHCb63q2Xv+3G0KePiXyIJUPgDwplyWp
 wiwg==
X-Gm-Message-State: AEkoouvupeMiztjXo6vz9bxv42Pa9qqQiJzs5zixY0B4GOYVh2fGNI+OhMA4aQonIPqBWw==
X-Received: by 10.107.150.83 with SMTP id y80mr31958053iod.113.1471230813426; 
 Sun, 14 Aug 2016 20:13:33 -0700 (PDT)
Received: from zony (206-188-64-44.cpe.distributel.net. [206.188.64.44])
 by smtp.googlemail.com with ESMTPSA id h63sm6571145ita.12.2016.08.14.20.13.32
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Sun, 14 Aug 2016 20:13:32 -0700 (PDT)
From: npostavs@users.sourceforge.net
To: Demi Obenour <demiobenour@gmail.com>
Subject: Re: bug#19350: #19350 24.4;
 Incorrect quoting of %-signs for Windows command shell
References: <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
 <CAJEMUN_tJ1KcCdmN7kjR+2ms5K4pbP9DYQi7mKNU5K=7bBGvDw@mail.gmail.com>
 <87k2fmyg16.fsf@users.sourceforge.net>
 <CAJEMUN_nkRgwCF7h03x=_jdHDLGqC+DBk0=3NNJhZTx5woW8gg@mail.gmail.com>
 <CAJEMUN-HMMJu1FTDrKEmn_8nOaMhDeE8Te2JuE7jVdvuqLtbNQ@mail.gmail.com>
 <CAJEMUN8Yryixpat2OL2+9tiTbfARC2eK8uhvSKPC7bNG4w=0PA@mail.gmail.com>
Date: Sun, 14 Aug 2016 23:13:43 -0400
In-Reply-To: <CAJEMUN8Yryixpat2OL2+9tiTbfARC2eK8uhvSKPC7bNG4w=0PA@mail.gmail.com> (Demi
 Obenour's message of "Sun, 14 Aug 2016 20:44:17 -0400")
Message-ID: <87shu6vi54.fsf@users.sourceforge.net>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 19350
Cc: 19350@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

Demi Obenour <demiobenour@gmail.com> writes:

> We don't know what this is being used for. For all we know, someone has written an Emacs plugin that passes a file with an attacker-controlled basename (ex.
> downloaded from the Internet) and uses this function to escape the filename before passing it to an external command, and in a context where there are unbalanced
> double quotes (say) in a known env var. Result: remote execution of arbitrary code.

Hmm, maybe we could fix this by making Emacs refuse to apply environment
variables with names ending in carets?




From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 15 11:01:34 2016
Received: (at 19350) by debbugs.gnu.org; 15 Aug 2016 15:01:34 +0000
Received: from localhost ([127.0.0.1]:58430 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1bZJOP-0006VL-RG
	for submit@debbugs.gnu.org; Mon, 15 Aug 2016 11:01:34 -0400
Received: from eggs.gnu.org ([208.118.235.92]:51491)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@gnu.org>) id 1bZJOO-0006VA-Ph
 for 19350@debbugs.gnu.org; Mon, 15 Aug 2016 11:01:33 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <eliz@gnu.org>) id 1bZJOE-0007GD-Ia
 for 19350@debbugs.gnu.org; Mon, 15 Aug 2016 11:01:27 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_40,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:36250)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@gnu.org>)
 id 1bZJOE-0007G6-Eh; Mon, 15 Aug 2016 11:01:22 -0400
Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:1877
 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
 (Exim 4.82) (envelope-from <eliz@gnu.org>)
 id 1bZJOC-0003Vr-5x; Mon, 15 Aug 2016 11:01:21 -0400
Date: Mon, 15 Aug 2016 18:01:15 +0300
Message-Id: <83twemf550.fsf@gnu.org>
From: Eli Zaretskii <eliz@gnu.org>
To: npostavs@users.sourceforge.net
In-reply-to: <87shu6vi54.fsf@users.sourceforge.net>
 (npostavs@users.sourceforge.net)
Subject: Re: bug#19350: #19350 24.4;
 Incorrect quoting of %-signs for Windows command shell
References: <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
 <CAJEMUN_tJ1KcCdmN7kjR+2ms5K4pbP9DYQi7mKNU5K=7bBGvDw@mail.gmail.com>
 <87k2fmyg16.fsf@users.sourceforge.net>
 <CAJEMUN_nkRgwCF7h03x=_jdHDLGqC+DBk0=3NNJhZTx5woW8gg@mail.gmail.com>
 <CAJEMUN-HMMJu1FTDrKEmn_8nOaMhDeE8Te2JuE7jVdvuqLtbNQ@mail.gmail.com>
 <CAJEMUN8Yryixpat2OL2+9tiTbfARC2eK8uhvSKPC7bNG4w=0PA@mail.gmail.com>
 <87shu6vi54.fsf@users.sourceforge.net>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.6 (-----)
X-Debbugs-Envelope-To: 19350
Cc: 19350@debbugs.gnu.org, demiobenour@gmail.com
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Reply-To: Eli Zaretskii <eliz@gnu.org>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.6 (-----)

> From: npostavs@users.sourceforge.net
> Date: Sun, 14 Aug 2016 23:13:43 -0400
> Cc: 19350@debbugs.gnu.org
> 
> Hmm, maybe we could fix this by making Emacs refuse to apply environment
> variables with names ending in carets?

I'm very much against disallowing perfectly valid (if rare) use cases
just because someone malicious can take advantage of that.

>From my POV, as long as Emacs itself doesn't produce such shell
commands and/or environment variables for any of its features,
avoiding this becomes user's responsibility, just like when working at
the shell prompt.  Of course, if we can find a reliable solution to
the problem that doesn't take away features, that'd be better, but
failing that, I'm okay with leaving this alone, perhaps documenting
somewhere that using % in shell commands when there are environment
variables ending in ^ could produce surprising results.

Thanks.




From debbugs-submit-bounces@debbugs.gnu.org Wed Aug 17 22:03:03 2016
Received: (at 19350) by debbugs.gnu.org; 18 Aug 2016 02:03:03 +0000
Received: from localhost ([127.0.0.1]:60638 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1baCfe-00023T-UO
	for submit@debbugs.gnu.org; Wed, 17 Aug 2016 22:03:03 -0400
Received: from mail-ua0-f194.google.com ([209.85.217.194]:33016)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <demiobenour@gmail.com>) id 1baCfd-00022z-7U
 for 19350@debbugs.gnu.org; Wed, 17 Aug 2016 22:03:01 -0400
Received: by mail-ua0-f194.google.com with SMTP id u13so1117246uau.0
 for <19350@debbugs.gnu.org>; Wed, 17 Aug 2016 19:03:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=u8thl3HnQ41L+JnVvrPs8Gnxpe2n9Fv0SncvpHJr7R8=;
 b=Ve6x4KS/81EE2FCJZZyoTPrxSYTHGBDyLQ8JJ2KZGimdufouNljRhisV3hGhHB12zp
 TXRX5h6RnzdLngBZgeokNuk7Rlgus+7uA7lsjWplEs2x+FniEmlkNWoVoNbHIZG+Ih7T
 owiOq9QQ/ZZngkdk6bw2cb3srfhy9pjYA0E8Ko2HZFR7X//dK1exv22gexzMPT9kv0K2
 C2qjpo2eo5h289I4pqSWE/fJ+yohd0sFSVqE5pM6PCq2VluadFImHU7VJXYiytH6VKc/
 YlOyCRLMQUcrgss2DrCgigrwFOp/7M9vb+MR06F+56NP3t2tA7VJvc4e0RuYf1EIbz5H
 Frjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=u8thl3HnQ41L+JnVvrPs8Gnxpe2n9Fv0SncvpHJr7R8=;
 b=DuG04odGrOUZ2LITIKIWTScIbJEFEyI71zrrY7l+/xZ5mu2h5SOwdwWCtGAoqITo3P
 o1G+hKvA1TYfYT5jOFJA5h1auXxLecLf8pbY2SsnyNzfaIg6MA/8AyXqOTBhO7LDigwj
 a+PlllF5SKsQpRgz+my3SAp0GjTYDhlgkzRhAaLn8clKBcn16JUudyWeo0sducyj+lWm
 2y13tL6fsyvoFMXNlYhuHPquvUC9MCg1twN3YXDG7lVQ7ZQ6En/k8neenl7dH+nhIBhd
 2lyKfshY3n6ff3vAcFIbRY6CRgmWcrgC/EuGFrZ6pQsfdQPsB3VsU5LjUI0/tpxmdXhG
 QByQ==
X-Gm-Message-State: AEkoouvjdhgyd0D4mGH/iy3IJEDlugVxlSJFDdT072GhFuw+wSI/Nw8l4fGj7w/uZyC40fpFQzhOp9ID0TuBhA==
X-Received: by 10.31.200.198 with SMTP id y189mr20000650vkf.118.1471485775811; 
 Wed, 17 Aug 2016 19:02:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.69.131 with HTTP; Wed, 17 Aug 2016 19:02:55 -0700 (PDT)
Received: by 10.176.69.131 with HTTP; Wed, 17 Aug 2016 19:02:55 -0700 (PDT)
In-Reply-To: <83twemf550.fsf@gnu.org>
References: <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
 <CAJEMUN_tJ1KcCdmN7kjR+2ms5K4pbP9DYQi7mKNU5K=7bBGvDw@mail.gmail.com>
 <87k2fmyg16.fsf@users.sourceforge.net>
 <CAJEMUN_nkRgwCF7h03x=_jdHDLGqC+DBk0=3NNJhZTx5woW8gg@mail.gmail.com>
 <CAJEMUN-HMMJu1FTDrKEmn_8nOaMhDeE8Te2JuE7jVdvuqLtbNQ@mail.gmail.com>
 <CAJEMUN8Yryixpat2OL2+9tiTbfARC2eK8uhvSKPC7bNG4w=0PA@mail.gmail.com>
 <87shu6vi54.fsf@users.sourceforge.net> <83twemf550.fsf@gnu.org>
From: Demi Obenour <demiobenour@gmail.com>
Date: Wed, 17 Aug 2016 22:02:55 -0400
Message-ID: <CAJEMUN86xBezjzT4_jcE8kfemH=v87Rhf+d0hLwz2u_vTnoVUw@mail.gmail.com>
Subject: Re: bug#19350: #19350 24.4; Incorrect quoting of %-signs for Windows
 command shell
To: Eli Zaretskii <eliz@gnu.org>
Content-Type: multipart/alternative; boundary=001a11488d8cf599c4053a4efac4
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 19350
Cc: 19350@debbugs.gnu.org, Noam Postavsky <npostavs@users.sourceforge.net>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

--001a11488d8cf599c4053a4efac4
Content-Type: text/plain; charset=UTF-8

But *nix has no such feature, nor the associated gotcha.

On Aug 15, 2016 11:01 AM, "Eli Zaretskii" <eliz@gnu.org> wrote:

> > From: npostavs@users.sourceforge.net
> > Date: Sun, 14 Aug 2016 23:13:43 -0400
> > Cc: 19350@debbugs.gnu.org
> >
> > Hmm, maybe we could fix this by making Emacs refuse to apply environment
> > variables with names ending in carets?
>
> I'm very much against disallowing perfectly valid (if rare) use cases
> just because someone malicious can take advantage of that.
>
> From my POV, as long as Emacs itself doesn't produce such shell
> commands and/or environment variables for any of its features,
> avoiding this becomes user's responsibility, just like when working at
> the shell prompt.  Of course, if we can find a reliable solution to
> the problem that doesn't take away features, that'd be better, but
> failing that, I'm okay with leaving this alone, perhaps documenting
> somewhere that using % in shell commands when there are environment
> variables ending in ^ could produce surprising results.
>
> Thanks.
>

--001a11488d8cf599c4053a4efac4
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p dir=3D"ltr">But *nix has no such feature, nor the associated gotcha.</p>
<div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Aug 15, 2016 1=
1:01 AM, &quot;Eli Zaretskii&quot; &lt;<a href=3D"mailto:eliz@gnu.org">eliz=
@gnu.org</a>&gt; wrote:<br type=3D"attribution"><blockquote class=3D"gmail_=
quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1=
ex">&gt; From: <a href=3D"mailto:npostavs@users.sourceforge.net">npostavs@u=
sers.sourceforge.net</a><br>
&gt; Date: Sun, 14 Aug 2016 23:13:43 -0400<br>
&gt; Cc: <a href=3D"mailto:19350@debbugs.gnu.org">19350@debbugs.gnu.org</a>=
<br>
&gt;<br>
&gt; Hmm, maybe we could fix this by making Emacs refuse to apply environme=
nt<br>
&gt; variables with names ending in carets?<br>
<br>
I&#39;m very much against disallowing perfectly valid (if rare) use cases<b=
r>
just because someone malicious can take advantage of that.<br>
<br>
>From my POV, as long as Emacs itself doesn&#39;t produce such shell<br>
commands and/or environment variables for any of its features,<br>
avoiding this becomes user&#39;s responsibility, just like when working at<=
br>
the shell prompt.=C2=A0 Of course, if we can find a reliable solution to<br=
>
the problem that doesn&#39;t take away features, that&#39;d be better, but<=
br>
failing that, I&#39;m okay with leaving this alone, perhaps documenting<br>
somewhere that using % in shell commands when there are environment<br>
variables ending in ^ could produce surprising results.<br>
<br>
Thanks.<br>
</blockquote></div></div>

--001a11488d8cf599c4053a4efac4--




From debbugs-submit-bounces@debbugs.gnu.org Wed Aug 17 22:21:12 2016
Received: (at 19350) by debbugs.gnu.org; 18 Aug 2016 02:21:12 +0000
Received: from localhost ([127.0.0.1]:60652 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1baCxE-0002Uh-Jm
	for submit@debbugs.gnu.org; Wed, 17 Aug 2016 22:21:12 -0400
Received: from mail-oi0-f68.google.com ([209.85.218.68]:35330)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <npostavs@gmail.com>) id 1baCxC-0002US-Tk
 for 19350@debbugs.gnu.org; Wed, 17 Aug 2016 22:21:11 -0400
Received: by mail-oi0-f68.google.com with SMTP id e80so1457265oig.2
 for <19350@debbugs.gnu.org>; Wed, 17 Aug 2016 19:21:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:sender:in-reply-to:references:from:date:message-id
 :subject:to:cc;
 bh=D+nhbb6FbsC3ihMEr1vAaUxS8/lpbioeyWZsT/f/AwE=;
 b=D+HKgD1bm473NycehTlwg5hyW03+hCZC2Fy7UAT+fuPK3csVqzD1MZcnkKQu/YS4PM
 C1WsOryvYbJN/fYOW4wP2Kls2nmS2mN/FdGTssfy4hFFcV0CJp3FAaJM4MbFP0l0xq8X
 AnsD3cCpmQ9Ztcx7tboRFIL+anQYNw10LlUgijnA09lFz2prBboEdZSYA7+4bbLjcujO
 4RqlmRhCqee+iDyRy2pVPKRjrinnmOLX//S6n7S7TjiNQXQ8201v24dOf2ijkjKJrvuu
 gr6b3twONM3B/nf1L1ewrqJ9FcPsGnNuZhCeiMZyR6yegA1Hi0+LN/P2go2IzB8WzZ+N
 WnLw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
 :date:message-id:subject:to:cc;
 bh=D+nhbb6FbsC3ihMEr1vAaUxS8/lpbioeyWZsT/f/AwE=;
 b=HqCv676HJ/NMxPNj3wxYd+984RU72ef1Oe5HabNT5jGSpg5pduuL1YWCqQBE2fIdOt
 hdCTUQ4FOE7aVEos7nqFOE1g2BFi6sBBi4yXiSgcv07f/J+b5kCwIq/s0iHl2PNo64Ar
 gx3nnP/Ky758PgjokYPipjntIjYtE4HEqgnbnyyEQ/J4CHBAH6tLyCwKus0CDRaejp+R
 EMhh5hz2n5UTxBJvX8DFAEDmxtXEht5D4bx+fROnRbKNe9J6+4RcrgHX0QiHBFJygt7f
 GGgocQe5MyClQl04j1p4dnaU0R0Hhn9jgZbEU0YwwL7JMYWeea9ydN3jq6Y8DAY6eayx
 TlTg==
X-Gm-Message-State: AEkooushl2wVr9Dx7Xw8ytlKOjSj6m4wTSMP5Iyg0Ru/uibe1DsqvuAc8yxDdSM3GRPf7U0PXHtFxzhaGxKqIw==
X-Received: by 10.157.49.81 with SMTP id v17mr7031457otd.134.1471486865308;
 Wed, 17 Aug 2016 19:21:05 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.7.200 with HTTP; Wed, 17 Aug 2016 19:21:04 -0700 (PDT)
In-Reply-To: <CAJEMUN86xBezjzT4_jcE8kfemH=v87Rhf+d0hLwz2u_vTnoVUw@mail.gmail.com>
References: <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
 <CAJEMUN_tJ1KcCdmN7kjR+2ms5K4pbP9DYQi7mKNU5K=7bBGvDw@mail.gmail.com>
 <87k2fmyg16.fsf@users.sourceforge.net>
 <CAJEMUN_nkRgwCF7h03x=_jdHDLGqC+DBk0=3NNJhZTx5woW8gg@mail.gmail.com>
 <CAJEMUN-HMMJu1FTDrKEmn_8nOaMhDeE8Te2JuE7jVdvuqLtbNQ@mail.gmail.com>
 <CAJEMUN8Yryixpat2OL2+9tiTbfARC2eK8uhvSKPC7bNG4w=0PA@mail.gmail.com>
 <87shu6vi54.fsf@users.sourceforge.net> <83twemf550.fsf@gnu.org>
 <CAJEMUN86xBezjzT4_jcE8kfemH=v87Rhf+d0hLwz2u_vTnoVUw@mail.gmail.com>
From: Noam Postavsky <npostavs@users.sourceforge.net>
Date: Wed, 17 Aug 2016 22:21:04 -0400
X-Google-Sender-Auth: CGDyxtqo6RWgB1X3X8LCj1fnmqs
Message-ID: <CAM-tV-_iJWZo7taGYMUf9w9+n4k70P09mUMi3iGT2q8B8bpvxA@mail.gmail.com>
Subject: Re: bug#19350: #19350 24.4; Incorrect quoting of %-signs for Windows
 command shell
To: Demi Obenour <demiobenour@gmail.com>
Content-Type: text/plain; charset=UTF-8
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 19350
Cc: 19350@debbugs.gnu.org, Eli Zaretskii <eliz@gnu.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

On Wed, Aug 17, 2016 at 10:02 PM, Demi Obenour <demiobenour@gmail.com> wrote:
> But *nix has no such feature, nor the associated gotcha.

By "feature" you mean having variables whose name ends in a caret (or
other escape character)? It's true that existing *nix shells don't,
but the OS does support them (and so hypothetical shells could do as
well):

(let ((process-environment (cons "ca^=with-caret" process-environment)))
  (shell-command-to-string "python -c 'import
os;print(os.environ[\"ca^\"])'")) ;=> "with-caret\n"




From debbugs-submit-bounces@debbugs.gnu.org Thu Aug 18 07:54:28 2016
Received: (at 19350) by debbugs.gnu.org; 18 Aug 2016 11:54:28 +0000
Received: from localhost ([127.0.0.1]:60925 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1baLu0-00056S-GX
	for submit@debbugs.gnu.org; Thu, 18 Aug 2016 07:54:28 -0400
Received: from mail-ua0-f176.google.com ([209.85.217.176]:36479)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <demiobenour@gmail.com>) id 1baLtz-00056F-1O
 for 19350@debbugs.gnu.org; Thu, 18 Aug 2016 07:54:27 -0400
Received: by mail-ua0-f176.google.com with SMTP id 97so23749394uav.3
 for <19350@debbugs.gnu.org>; Thu, 18 Aug 2016 04:54:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=wzXcYL83I2JsAZMSJm+bZ8woL4GOzK4iyqa1sFk53Rk=;
 b=oV76xymZCc1jAeBlopQwxDzqI+8ve6kDM1vOhxRxSAQmsI3OwA/LVZMw5JNTxBmG3y
 xq635+pHEK654yyz3aoBGIA31+QaW3P/haX2j8kdJ9uVYl6TdA0L3BX3yojHhuZeOAnm
 xNyl9V1oOyHfPPDUQ6t7Ya/BpEHUDp6y9EDuUFHRcub4tbPtqZAPAyToYh/9ci7dqMjQ
 9qwKOpDBlUdRKIlRrsr80oqG4vL8bwNL480USNSrtHg45To3HXZk3e+XEZCqlPq3yLLu
 abUxRb+reP9zPmD2VnYIEwndd26M3bOwjZpotijKeufEOwobLyavEaq62SHFyNGRHqAI
 hD9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=wzXcYL83I2JsAZMSJm+bZ8woL4GOzK4iyqa1sFk53Rk=;
 b=K/fF212YNUZ1XWtup8SsRsGt5oB7pbkD8mckGe6gNVV7l2MI2jLb3C4xMC8wTj/kdF
 yh7yXgwHg7Rl6/k63AuViaAYCHoyVFqr367l2II531o6DvV25Ssw64AEyFiY7Lkcfbuv
 f8tjFvad0Tx9H/U4Frx74fx334rIiKhFHx1T0pW8e5wWr55+I/rg5KouXnt3e0DKhZw4
 isYo4+GimEFfPInaPg9s7SKlJC5so/4sLg+RnAqDw7xTmnwdWyaTYOtPTf9NSctU0OHR
 lf85oqBQ0E50HahlS/qc3mV6oDjlGxjljB9BQCUul8JeN9FfmxYCZMBdwCbmzftpvyBZ
 uV0A==
X-Gm-Message-State: AEkoouu9I2au89HfBoJNwq8/cpNqhbLLj30Ez5i7ZY7duy3V59gX49TFD1QeRTxJs42C+Jjj6l3X9K2bLzPCng==
X-Received: by 10.31.107.89 with SMTP id g86mr669410vkc.52.1471521261450; Thu,
 18 Aug 2016 04:54:21 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.69.131 with HTTP; Thu, 18 Aug 2016 04:54:20 -0700 (PDT)
Received: by 10.176.69.131 with HTTP; Thu, 18 Aug 2016 04:54:20 -0700 (PDT)
In-Reply-To: <CAM-tV-_iJWZo7taGYMUf9w9+n4k70P09mUMi3iGT2q8B8bpvxA@mail.gmail.com>
References: <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
 <CAJEMUN_tJ1KcCdmN7kjR+2ms5K4pbP9DYQi7mKNU5K=7bBGvDw@mail.gmail.com>
 <87k2fmyg16.fsf@users.sourceforge.net>
 <CAJEMUN_nkRgwCF7h03x=_jdHDLGqC+DBk0=3NNJhZTx5woW8gg@mail.gmail.com>
 <CAJEMUN-HMMJu1FTDrKEmn_8nOaMhDeE8Te2JuE7jVdvuqLtbNQ@mail.gmail.com>
 <CAJEMUN8Yryixpat2OL2+9tiTbfARC2eK8uhvSKPC7bNG4w=0PA@mail.gmail.com>
 <87shu6vi54.fsf@users.sourceforge.net> <83twemf550.fsf@gnu.org>
 <CAJEMUN86xBezjzT4_jcE8kfemH=v87Rhf+d0hLwz2u_vTnoVUw@mail.gmail.com>
 <CAM-tV-_iJWZo7taGYMUf9w9+n4k70P09mUMi3iGT2q8B8bpvxA@mail.gmail.com>
From: Demi Obenour <demiobenour@gmail.com>
Date: Thu, 18 Aug 2016 07:54:20 -0400
Message-ID: <CAJEMUN-y+XU8NK9pGW5erb1JO2=oPfN-_9qPXJCG9Eh6De7bKw@mail.gmail.com>
Subject: Re: bug#19350: #19350 24.4; Incorrect quoting of %-signs for Windows
 command shell
To: Noam Postavsky <npostavs@users.sourceforge.net>
Content-Type: multipart/alternative; boundary=001a11478678117c9a053a573ed7
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 19350
Cc: 19350@debbugs.gnu.org, Eli Zaretskii <eliz@gnu.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

--001a11478678117c9a053a573ed7
Content-Type: text/plain; charset=UTF-8

No, I mean that such environment variables affect shell escaping.

On Aug 17, 2016 10:21 PM, "Noam Postavsky" <npostavs@users.sourceforge.net>
wrote:

> On Wed, Aug 17, 2016 at 10:02 PM, Demi Obenour <demiobenour@gmail.com>
> wrote:
> > But *nix has no such feature, nor the associated gotcha.
>
> By "feature" you mean having variables whose name ends in a caret (or
> other escape character)? It's true that existing *nix shells don't,
> but the OS does support them (and so hypothetical shells could do as
> well):
>
> (let ((process-environment (cons "ca^=with-caret" process-environment)))
>   (shell-command-to-string "python -c 'import
> os;print(os.environ[\"ca^\"])'")) ;=> "with-caret\n"
>

--001a11478678117c9a053a573ed7
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p dir=3D"ltr">No, I mean that such environment variables affect shell esca=
ping.</p>
<div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Aug 17, 2016 1=
0:21 PM, &quot;Noam Postavsky&quot; &lt;<a href=3D"mailto:npostavs@users.so=
urceforge.net">npostavs@users.sourceforge.net</a>&gt; wrote:<br type=3D"att=
ribution"><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bord=
er-left:1px #ccc solid;padding-left:1ex">On Wed, Aug 17, 2016 at 10:02 PM, =
Demi Obenour &lt;<a href=3D"mailto:demiobenour@gmail.com">demiobenour@gmail=
.com</a>&gt; wrote:<br>
&gt; But *nix has no such feature, nor the associated gotcha.<br>
<br>
By &quot;feature&quot; you mean having variables whose name ends in a caret=
 (or<br>
other escape character)? It&#39;s true that existing *nix shells don&#39;t,=
<br>
but the OS does support them (and so hypothetical shells could do as<br>
well):<br>
<br>
(let ((process-environment (cons &quot;ca^=3Dwith-caret&quot; process-envir=
onment)))<br>
=C2=A0 (shell-command-to-string &quot;python -c &#39;import<br>
os;print(os.environ[\&quot;ca^\&quot;])&#39;<wbr>&quot;)) ;=3D&gt; &quot;wi=
th-caret\n&quot;<br>
</blockquote></div></div>

--001a11478678117c9a053a573ed7--




From debbugs-submit-bounces@debbugs.gnu.org Thu Aug 18 08:07:59 2016
Received: (at 19350) by debbugs.gnu.org; 18 Aug 2016 12:07:59 +0000
Received: from localhost ([127.0.0.1]:60952 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1baM70-0005Qp-3S
	for submit@debbugs.gnu.org; Thu, 18 Aug 2016 08:07:59 -0400
Received: from mail-oi0-f48.google.com ([209.85.218.48]:33608)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <npostavs@gmail.com>) id 1baM6t-0005QY-NN
 for 19350@debbugs.gnu.org; Thu, 18 Aug 2016 08:07:52 -0400
Received: by mail-oi0-f48.google.com with SMTP id c15so19484351oig.0
 for <19350@debbugs.gnu.org>; Thu, 18 Aug 2016 05:07:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:sender:in-reply-to:references:from:date:message-id
 :subject:to:cc;
 bh=8EkYgPaWDGVvYlgRRXoLPuSOIkXjYBayPyoJL/A/jBA=;
 b=QIaOOST8q17lvzKXfp3UZBKyQ4o09IO9uF91HkK+6rBTteFkTj3SMHHrzvUBPs/eSv
 yy8wp2DCCCIKDfDbn1gd254pC+lgMO7oQRpK+YZX3qGNABIfsz8yrRsJKifcN9xiERPY
 1L3cHi5Jo0o/QDRIBVl2RSgSFnR1U1XU/cmdHOrlNi9X52eekl25110r8c8DGnbJRJSj
 ZyIICzRvn24XAGcMsDyND0sP5CRliRVi88Ai3ZCGk6w1osNklC7pNzWdsAFOEo/DCmiQ
 LSBtavtySUA62Tl2+mNl65EEuePTiYCaqoDRt/DnAZlDb+hpwCFfh3Q+xD3tL3MzsVUT
 L7+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
 :date:message-id:subject:to:cc;
 bh=8EkYgPaWDGVvYlgRRXoLPuSOIkXjYBayPyoJL/A/jBA=;
 b=mU+Qfj0kSAwwwMLwVZiNuA+e94aMMfIW/k7FWoFxCqjUiVvW/wn4siYzVmGUypUDHy
 P1bkDltEo4MKF4k41H9WRTDdOuLrZIv08kriBytf+R2LWRlEOCqJH7xZnb+w7SFlEN9y
 CJZWeySeZG6+nvS4RDaNP3tbWQWfed3SmUwwuT3EGDLlfnpDD+2kdkEMZiVBAFdXjGyk
 ZDVd5PjjbN5JLhM6X61n9aeCRCFskiQl+SVjYyGDVZLWmgf+xJjlT33yyyqJMbGdSKUq
 U0pZtGVvpPHO0mB8aTyMKzjLY+xxD47j+e34GxCJyYtQ71bt4mC3AkxbIPOQoR+KJMIQ
 AHDQ==
X-Gm-Message-State: AEkoousPRbqQrgysvnG38AOxljpGxyVmwAm4stqyHCpH2h7nU1l4dZqKFPjm6JgDpOvpv0ZJRUSAiC0irZJmHA==
X-Received: by 10.157.37.241 with SMTP id q104mr1097102ota.112.1471522062090; 
 Thu, 18 Aug 2016 05:07:42 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.7.200 with HTTP; Thu, 18 Aug 2016 05:07:41 -0700 (PDT)
In-Reply-To: <CAJEMUN86xBezjzT4_jcE8kfemH=v87Rhf+d0hLwz2u_vTnoVUw@mail.gmail.com>
References: <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
 <CAJEMUN_tJ1KcCdmN7kjR+2ms5K4pbP9DYQi7mKNU5K=7bBGvDw@mail.gmail.com>
 <87k2fmyg16.fsf@users.sourceforge.net>
 <CAJEMUN_nkRgwCF7h03x=_jdHDLGqC+DBk0=3NNJhZTx5woW8gg@mail.gmail.com>
 <CAJEMUN-HMMJu1FTDrKEmn_8nOaMhDeE8Te2JuE7jVdvuqLtbNQ@mail.gmail.com>
 <CAJEMUN8Yryixpat2OL2+9tiTbfARC2eK8uhvSKPC7bNG4w=0PA@mail.gmail.com>
 <87shu6vi54.fsf@users.sourceforge.net> <83twemf550.fsf@gnu.org>
 <CAJEMUN86xBezjzT4_jcE8kfemH=v87Rhf+d0hLwz2u_vTnoVUw@mail.gmail.com>
From: Noam Postavsky <npostavs@users.sourceforge.net>
Date: Thu, 18 Aug 2016 08:07:41 -0400
X-Google-Sender-Auth: -mAAs86M0XPGhrIHqy9iHMVqsOE
Message-ID: <CAM-tV--KUtM=epj8+R8EW4_BpkMR+z+73MYjNoK-o+NOW8-GoQ@mail.gmail.com>
Subject: Re: bug#19350: #19350 24.4; Incorrect quoting of %-signs for Windows
 command shell
To: Demi Obenour <demiobenour@gmail.com>
Content-Type: text/plain; charset=UTF-8
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 19350
Cc: 19350@debbugs.gnu.org, Eli Zaretskii <eliz@gnu.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

On Wed, Aug 17, 2016 at 10:02 PM, Demi Obenour <demiobenour@gmail.com> wrote:
> But *nix has no such feature [environment variables affect shell escaping], nor the associated gotcha.

I'm not sure what you're trying to point out here. Why does that
matter? We're talking about Windows, not *nix.

>
>
> On Aug 15, 2016 11:01 AM, "Eli Zaretskii" <eliz@gnu.org> wrote:
>>
>> > From: npostavs@users.sourceforge.net
>> > Date: Sun, 14 Aug 2016 23:13:43 -0400
>> > Cc: 19350@debbugs.gnu.org
>> >
>> > Hmm, maybe we could fix this by making Emacs refuse to apply environment
>> > variables with names ending in carets?
>>
>> I'm very much against disallowing perfectly valid (if rare) use cases
>> just because someone malicious can take advantage of that.
>>
>> From my POV, as long as Emacs itself doesn't produce such shell
>> commands and/or environment variables for any of its features,
>> avoiding this becomes user's responsibility, just like when working at
>> the shell prompt.  Of course, if we can find a reliable solution to
>> the problem that doesn't take away features, that'd be better, but
>> failing that, I'm okay with leaving this alone, perhaps documenting
>> somewhere that using % in shell commands when there are environment
>> variables ending in ^ could produce surprising results.
>>
>> Thanks.




From debbugs-submit-bounces@debbugs.gnu.org Thu Aug 18 10:18:00 2016
Received: (at 19350) by debbugs.gnu.org; 18 Aug 2016 14:18:00 +0000
Received: from localhost ([127.0.0.1]:33487 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1baO8t-0003Yz-Ta
	for submit@debbugs.gnu.org; Thu, 18 Aug 2016 10:18:00 -0400
Received: from eggs.gnu.org ([208.118.235.92]:38437)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@gnu.org>) id 1baO8t-0003Yl-06
 for 19350@debbugs.gnu.org; Thu, 18 Aug 2016 10:17:59 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <eliz@gnu.org>) id 1baO8j-0003Ie-P4
 for 19350@debbugs.gnu.org; Thu, 18 Aug 2016 10:17:53 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_20,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:60302)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@gnu.org>)
 id 1baO8j-0003IY-Lx; Thu, 18 Aug 2016 10:17:49 -0400
Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:2345
 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
 (Exim 4.82) (envelope-from <eliz@gnu.org>)
 id 1baO8i-0002Qp-RM; Thu, 18 Aug 2016 10:17:49 -0400
Date: Thu, 18 Aug 2016 17:17:54 +0300
Message-Id: <83oa4qduul.fsf@gnu.org>
From: Eli Zaretskii <eliz@gnu.org>
To: Noam Postavsky <npostavs@users.sourceforge.net>
In-reply-to: <CAM-tV--KUtM=epj8+R8EW4_BpkMR+z+73MYjNoK-o+NOW8-GoQ@mail.gmail.com>
 (message from Noam Postavsky on Thu, 18 Aug 2016 08:07:41 -0400)
Subject: Re: bug#19350: #19350 24.4; Incorrect quoting of %-signs for Windows
 command shell
References: <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
 <CAJEMUN_tJ1KcCdmN7kjR+2ms5K4pbP9DYQi7mKNU5K=7bBGvDw@mail.gmail.com>
 <87k2fmyg16.fsf@users.sourceforge.net>
 <CAJEMUN_nkRgwCF7h03x=_jdHDLGqC+DBk0=3NNJhZTx5woW8gg@mail.gmail.com>
 <CAJEMUN-HMMJu1FTDrKEmn_8nOaMhDeE8Te2JuE7jVdvuqLtbNQ@mail.gmail.com>
 <CAJEMUN8Yryixpat2OL2+9tiTbfARC2eK8uhvSKPC7bNG4w=0PA@mail.gmail.com>
 <87shu6vi54.fsf@users.sourceforge.net> <83twemf550.fsf@gnu.org>
 <CAJEMUN86xBezjzT4_jcE8kfemH=v87Rhf+d0hLwz2u_vTnoVUw@mail.gmail.com>
 <CAM-tV--KUtM=epj8+R8EW4_BpkMR+z+73MYjNoK-o+NOW8-GoQ@mail.gmail.com>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.6 (-----)
X-Debbugs-Envelope-To: 19350
Cc: 19350@debbugs.gnu.org, demiobenour@gmail.com
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Reply-To: Eli Zaretskii <eliz@gnu.org>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.6 (-----)

> From: Noam Postavsky <npostavs@users.sourceforge.net>
> Date: Thu, 18 Aug 2016 08:07:41 -0400
> Cc: Eli Zaretskii <eliz@gnu.org>, 19350@debbugs.gnu.org
> 
> On Wed, Aug 17, 2016 at 10:02 PM, Demi Obenour <demiobenour@gmail.com> wrote:
> > But *nix has no such feature [environment variables affect shell escaping], nor the associated gotcha.
> 
> I'm not sure what you're trying to point out here. Why does that
> matter? We're talking about Windows, not *nix.

Indeed.  When I wrote "as shell prompt" I meant the Windows shell, not
the Unix shell.  Emacs tries to hide the OS idiosyncrasies as much as
it can, but that's not possible everywhere.




From debbugs-submit-bounces@debbugs.gnu.org Mon Oct 03 14:47:44 2016
Received: (at 19350) by debbugs.gnu.org; 3 Oct 2016 18:47:44 +0000
Received: from localhost ([127.0.0.1]:43315 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1br8HA-0003DQ-7W
	for submit@debbugs.gnu.org; Mon, 03 Oct 2016 14:47:44 -0400
Received: from mail-oi0-f47.google.com ([209.85.218.47]:35801)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <npostavs@gmail.com>) id 1br8H9-0003D4-81
 for 19350@debbugs.gnu.org; Mon, 03 Oct 2016 14:47:43 -0400
Received: by mail-oi0-f47.google.com with SMTP id d132so8560522oib.2
 for <19350@debbugs.gnu.org>; Mon, 03 Oct 2016 11:47:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:sender:in-reply-to:references:from:date:message-id
 :subject:to:cc;
 bh=Sxp7/+YgEvbAdRGj0U1Lx2mYV2tEYR+M1UVUXjoN+zY=;
 b=oaB3x/UlAydsRpXRTOfX+5dh+ojP9P+vd+Mnc8PakVgM4rsYHlkrUQgpQwmMUkE4+W
 HFRYwaL8KwCQ4WgNPQXBHcvzhyL3GP+htVqR2zwkNEn8hF5ab1CdyuniTkzkM7yiHPpp
 9gu5lboOrnQbS9HCbFPph0p3+3upFw0eHJAyFXuboYceAmI4e3lPllWHLhLUZGIuL3KR
 Ux2p5xycubmipH0I96VPB4Il3/f2vacwYyhiqv/Rnsff7+00Jy/DR9c3183NrnelqDsK
 nwQh1MpaCjN1WcH+LPcBllrJYX/RVfJTXMwsRYzSV7EESzTKJvgioXVDtTdwiIO/hl25
 8hjw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
 :date:message-id:subject:to:cc;
 bh=Sxp7/+YgEvbAdRGj0U1Lx2mYV2tEYR+M1UVUXjoN+zY=;
 b=dVsSCzZ2vzSpDhSlOrefGlSMh3635+Yq595l/hXuvl7MqvgPGcDIVGzLYwof+/vbkJ
 DivIEMrbxb5/A5Ssx4XOxGFhpicry+004gG562XQkWkTz5cawkjzfMW/8isoGjb95rfM
 NwO0tPKunvU8Ow1sMCtAdhU+tQ9p0KLIm7qgpISREyW/AefoLJXEd7zbOs1zLMPzYTp8
 tzYAp28JqFfVUlYjSRbg5AonxisfIVqzY5otZL6TWjf7UjopTqgaWBw4UbV44Io4YxDo
 dtr1f1AQhDeazSNzG6pV2hYL0VopgJMbg/U680QouGkhaTeCH7+2JHaWhr6AYVEaYlDy
 5QUw==
X-Gm-Message-State: AA6/9RlmGdUp7FKO6+A4jp4roPVNN6WG5kUgffzSMiZ+Ygc1SNYihjyZ5f2aK71mPPJPxJCzzFHAQfZgow9HVQ==
X-Received: by 10.202.229.7 with SMTP id c7mr4835162oih.89.1475520457754; Mon,
 03 Oct 2016 11:47:37 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.42.16 with HTTP; Mon, 3 Oct 2016 11:47:37 -0700 (PDT)
In-Reply-To: <83twemf550.fsf@gnu.org>
References: <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
 <CAJEMUN_tJ1KcCdmN7kjR+2ms5K4pbP9DYQi7mKNU5K=7bBGvDw@mail.gmail.com>
 <87k2fmyg16.fsf@users.sourceforge.net>
 <CAJEMUN_nkRgwCF7h03x=_jdHDLGqC+DBk0=3NNJhZTx5woW8gg@mail.gmail.com>
 <CAJEMUN-HMMJu1FTDrKEmn_8nOaMhDeE8Te2JuE7jVdvuqLtbNQ@mail.gmail.com>
 <CAJEMUN8Yryixpat2OL2+9tiTbfARC2eK8uhvSKPC7bNG4w=0PA@mail.gmail.com>
 <87shu6vi54.fsf@users.sourceforge.net> <83twemf550.fsf@gnu.org>
From: Noam Postavsky <npostavs@users.sourceforge.net>
Date: Mon, 3 Oct 2016 14:47:37 -0400
X-Google-Sender-Auth: L7QD8gnXvJT6agPa282H8sENSWM
Message-ID: <CAM-tV-9q6R32UcQ2na616F+dX3KfJ7BfR3ZGTzkUCLnO5wJQ9w@mail.gmail.com>
Subject: Re: bug#19350: #19350 24.4; Incorrect quoting of %-signs for Windows
 command shell
To: Eli Zaretskii <eliz@gnu.org>
Content-Type: multipart/mixed; boundary=001a1141879cbe690b053dfa609e
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 19350
Cc: 19350@debbugs.gnu.org, Demi Obenour <demiobenour@gmail.com>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 0.5 (/)

--001a1141879cbe690b053dfa609e
Content-Type: text/plain; charset=UTF-8

On Mon, Aug 15, 2016 at 11:01 AM, Eli Zaretskii <eliz@gnu.org> wrote:
> From my POV, as long as Emacs itself doesn't produce such shell
> commands and/or environment variables for any of its features,
> avoiding this becomes user's responsibility, just like when working at
> the shell prompt.  Of course, if we can find a reliable solution to
> the problem that doesn't take away features, that'd be better,

So I have been thinking about this. As far as I can tell, the %CD:~,0%
hack is the only way to solve it. We can make it conditional on having
command extensions enabled, see attached.

The probing command I used for the default value for
w32-shell-command-extensions causes an error while dumping ("Searching
for program: No such file or directory,
C:/Users/npostavs/src/emacs/emacs-25/nt/cmdproxy.exe") so I've
commented it out for now. With this patch,

(let ((w32-shell-command-extensions t)
      (process-environment (cl-list* "ca^=with-caret"
                                     "ca=without-caret"
                                     process-environment)))
  (insert (shell-command-to-string
           (format "echo %s %s %s"
                   "%ca%"
                   (shell-quote-argument "%ca%")
                   "%%CD:~,0%ca%%CD:~,0%"))))

gives

without-caret "%ca%" %ca%

If this approach makes sense I can fix up the patch.

--001a1141879cbe690b053dfa609e
Content-Type: text/plain; charset=US-ASCII; name="escaping-percent.diff"
Content-Disposition: attachment; filename="escaping-percent.diff"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_itonbuqc0

ZGlmZiAtLWdpdCBpL2xpc3Avc3Vici5lbCB3L2xpc3Avc3Vici5lbAppbmRleCBlOWUxOWQzLi4x
ZDdkMGRkIDEwMDY0NAotLS0gaS9saXNwL3N1YnIuZWwKKysrIHcvbGlzcC9zdWJyLmVsCkBAIC0y
NzUzLDE1ICsyNzUzLDMxIEBAIHNoZWxsLXF1b3RlLWFyZ3VtZW50CiAgICAgICAgICAgICAiXFwx
XFwxXFxcXFwiIgogICAgICAgICAgICAgYXJndW1lbnQpKSkKIAotICAgIChpZiAoc3RyaW5nLW1h
dGNoICJbJSFcIl0iIGFyZ3VtZW50KQotICAgICAgICAoY29uY2F0Ci0gICAgICAgICAiXlwiIgot
ICAgICAgICAgKHJlcGxhY2UtcmVnZXhwLWluLXN0cmluZwotICAgICAgICAgICJcXChbJSEoKVwi
PD4mfF5dXFwpIgotICAgICAgICAgICJeXFwxIgotICAgICAgICAgIGFyZ3VtZW50KQotICAgICAg
ICAgIl5cIiIpCi0gICAgICAoY29uY2F0ICJcIiIgYXJndW1lbnQgIlwiIikpKQorICAgIDs7IGNt
ZC5leGUgcGVyZm9ybXMgJXZhciUgZXhwYW5zaW9uIGJlZm9yZSBhbnl0aGluZyBlbHNlLCBzbyB0
aGVyZQorICAgIDs7IGlzIG5vIHdheSBlc2NhcGUgJyUncyAoZXNjYXBpbmcgd2l0aCAnXicgKmFw
cGVhcnMqIHRvIHdvcmssIGJ1dAorICAgIDs7IHRoYXQncyBvbmx5IGJlY2F1c2UgdmFyaWFibGVz
IHdpdGggY2FyZXRzIGluIHRoZSBuYW1lIGFyZQorICAgIDs7IHJhcmUpLiAgSWYgIkNvbW1hbmQg
RXh0ZW5zaW9ucyIgYXJlIGVuYWJsZWQsIGl0J3MgcG9zc2libGUgdG8KKyAgICA7OyB3b3JrIGFy
b3VuZCB0aGlzIGxpbWl0YXRpb24gYnkgYXBwZW5kaW5nICIlQ0Q6fiwwJSIgdG8gZWFjaAorICAg
IDs7ICclJzsgaXQgZXhwYW5kcyB0byB0aGUgZW1wdHkgc3RyaW5nIGFuZCBzdG9wcyB0aGUgcHJl
Y2VkaW5nICclJworICAgIDs7IGZyb20gYmVpbmcgaW50ZXJwcmV0ZWQgYXMgdGhlIGJlZ2lubmlu
ZyBvZiBhIHZhcmlhYmxlIG5hbWUuCisgICAgKGNvbmQKKyAgICAgKChhbmQgdzMyLXNoZWxsLWNv
bW1hbmQtZXh0ZW5zaW9ucyAoc3RyaW5nLW1hdGNoICIlIiBhcmd1bWVudCkpCisgICAgICAoY29u
Y2F0CisgICAgICAgIl5cIiIKKyAgICAgICAocmVwbGFjZS1yZWdleHAtaW4tc3RyaW5nCisgICAg
ICAgICJcXChbISgpXCI8PiZ8Xl1cXCkiCisgICAgICAgICJeXFwxIgorICAgICAgICAocmVwbGFj
ZS1yZWdleHAtaW4tc3RyaW5nICIlIiAiJSVDRDp+LDAlIiBhcmd1bWVudCB0IHQpKQorICAgICAg
ICJeXCIiKSkKKyAgICAgKChzdHJpbmctbWF0Y2ggIlslIVwiXSIgYXJndW1lbnQpCisgICAgICAo
Y29uY2F0CisgICAgICAgIl5cIiIKKyAgICAgICAocmVwbGFjZS1yZWdleHAtaW4tc3RyaW5nCisg
ICAgICAgICJcXChbJSEoKVwiPD4mfF5dXFwpIgorICAgICAgICAiXlxcMSIKKyAgICAgICAgYXJn
dW1lbnQpCisgICAgICAgIl5cIiIpKQorICAgICAodCAoY29uY2F0ICJcIiIgYXJndW1lbnQgIlwi
IikpKSkKIAogICAgKHQKICAgICAoaWYgKGVxdWFsIGFyZ3VtZW50ICIiKQpkaWZmIC0tZ2l0IGkv
bGlzcC93MzItdmFycy5lbCB3L2xpc3AvdzMyLXZhcnMuZWwKaW5kZXggYzkzMTdlNC4uM2U3NmE4
NiAxMDA2NDQKLS0tIGkvbGlzcC93MzItdmFycy5lbAorKysgdy9saXNwL3czMi12YXJzLmVsCkBA
IC02NSw2ICs2NSwxMyBAQCB3MzItbGlzdC1wcm9wb3J0aW9uYWwtZm9udHMKICAgIDp0eXBlICco
cmVwZWF0IHN0cmluZykKICAgIDpncm91cCAndzMyKSkKIAorKHVubGVzcyAoZXEgc3lzdGVtLXR5
cGUgJ2N5Z3dpbikKKyAgKGRlZmN1c3RvbSB3MzItc2hlbGwtY29tbWFuZC1leHRlbnNpb25zIG5p
bCA7OyAoZXF1YWwgKHNoZWxsLWNvbW1hbmQtdG8tc3RyaW5nICJlY2hvICUlQ0Q6fiwwJSIpICIl
XG4iKQorICAgICJJZiBub24tbmlsLCBhc3N1bWUgdGhlIHNoZWxsIHN1cHBvcnRzIFwiQ29tbWFu
ZCBFeHRlbnNpb25zXCIuCitUaGlzIGlzIHVzZWQgYnkgYHNoZWxsLXF1b3RlLWFyZ3VtZW50JyB0
byBzYWZlbHkgZXNjYXBlIFwiJVwiLiIKKyAgICA6dHlwZSAnYm9vbGVhbgorICAgIDpncm91cCAn
dzMyKSkKKwogOzsgV2FudCAibWVudSIgY3VzdG9tIHR5cGUgZm9yIHRoaXMuCiAoZGVmY3VzdG9t
IHczMi1maXhlZC1mb250LWFsaXN0CiAgICcoIkZvbnQgbWVudSIK
--001a1141879cbe690b053dfa609e--




From debbugs-submit-bounces@debbugs.gnu.org Mon Oct 03 15:15:36 2016
Received: (at 19350) by debbugs.gnu.org; 3 Oct 2016 19:15:36 +0000
Received: from localhost ([127.0.0.1]:43330 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1br8i8-0004Ce-3X
	for submit@debbugs.gnu.org; Mon, 03 Oct 2016 15:15:36 -0400
Received: from eggs.gnu.org ([208.118.235.92]:55412)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@gnu.org>) id 1br8i6-0004CK-3H
 for 19350@debbugs.gnu.org; Mon, 03 Oct 2016 15:15:34 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <eliz@gnu.org>) id 1br8hy-0002io-36
 for 19350@debbugs.gnu.org; Mon, 03 Oct 2016 15:15:29 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:35439)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@gnu.org>)
 id 1br8hx-0002hR-WD; Mon, 03 Oct 2016 15:15:26 -0400
Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:2005
 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
 (Exim 4.82) (envelope-from <eliz@gnu.org>)
 id 1br8hw-0005KJ-2p; Mon, 03 Oct 2016 15:15:24 -0400
Date: Mon, 03 Oct 2016 22:15:21 +0300
Message-Id: <83twctnt12.fsf@gnu.org>
From: Eli Zaretskii <eliz@gnu.org>
To: Noam Postavsky <npostavs@users.sourceforge.net>
In-reply-to: <CAM-tV-9q6R32UcQ2na616F+dX3KfJ7BfR3ZGTzkUCLnO5wJQ9w@mail.gmail.com>
 (message from Noam Postavsky on Mon, 3 Oct 2016 14:47:37 -0400)
Subject: Re: bug#19350: #19350 24.4; Incorrect quoting of %-signs for Windows
 command shell
References: <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
 <CAJEMUN_tJ1KcCdmN7kjR+2ms5K4pbP9DYQi7mKNU5K=7bBGvDw@mail.gmail.com>
 <87k2fmyg16.fsf@users.sourceforge.net>
 <CAJEMUN_nkRgwCF7h03x=_jdHDLGqC+DBk0=3NNJhZTx5woW8gg@mail.gmail.com>
 <CAJEMUN-HMMJu1FTDrKEmn_8nOaMhDeE8Te2JuE7jVdvuqLtbNQ@mail.gmail.com>
 <CAJEMUN8Yryixpat2OL2+9tiTbfARC2eK8uhvSKPC7bNG4w=0PA@mail.gmail.com>
 <87shu6vi54.fsf@users.sourceforge.net> <83twemf550.fsf@gnu.org>
 <CAM-tV-9q6R32UcQ2na616F+dX3KfJ7BfR3ZGTzkUCLnO5wJQ9w@mail.gmail.com>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -7.7 (-------)
X-Debbugs-Envelope-To: 19350
Cc: 19350@debbugs.gnu.org, demiobenour@gmail.com
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Reply-To: Eli Zaretskii <eliz@gnu.org>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -7.7 (-------)

> From: Noam Postavsky <npostavs@users.sourceforge.net>
> Date: Mon, 3 Oct 2016 14:47:37 -0400
> Cc: Demi Obenour <demiobenour@gmail.com>, 19350@debbugs.gnu.org
> 
> So I have been thinking about this. As far as I can tell, the %CD:~,0%
> hack is the only way to solve it. We can make it conditional on having
> command extensions enabled, see attached.

I'm uneasy using such tricks in our sources.  No one said they will
continue working in future versions of cmd.exe, or that they work now
in replacement shells used out there.  It could also get in the way of
developing cmdproxy.

The use case is marginal enough for us to leave it alone, I think.

Thanks.




From debbugs-submit-bounces@debbugs.gnu.org Mon Oct 03 15:39:00 2016
Received: (at 19350) by debbugs.gnu.org; 3 Oct 2016 19:39:00 +0000
Received: from localhost ([127.0.0.1]:43344 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1br94m-0006eu-Ds
	for submit@debbugs.gnu.org; Mon, 03 Oct 2016 15:39:00 -0400
Received: from mail-wm0-f52.google.com ([74.125.82.52]:35699)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <demiobenour@gmail.com>) id 1br94l-0006eX-9x
 for 19350@debbugs.gnu.org; Mon, 03 Oct 2016 15:38:59 -0400
Received: by mail-wm0-f52.google.com with SMTP id f193so127007363wmg.0
 for <19350@debbugs.gnu.org>; Mon, 03 Oct 2016 12:38:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=shHwKRibXklpxfZXyelC17kMON66wGCpPZWxqTlMX1k=;
 b=hB0dAYmXnBa+3Pv0Ty93Y93AfRos0cclfhFxbBiK1dyW12O0on1Xac8/5dVg+aU58e
 36THpEjZwxFxYbU1vPFRrLggUfvk3NwgnHpHSfc+wn+eHuVL5oNhF/Rt9EJkX2iZ+mRA
 ovF2qDzEiNp1gCN9RQKSU1vcy2OPfXsNnmuau9YAvXnigFGpWUeSqKUJAbB8prPgoEyJ
 mTbDCIWtFun2oI0qgE0Oz1ZrbmOvNfoRwNOppPktbKmAWAGQ8nZqlHeXgzH9XgIdTVLY
 pZoUiKzMcnZxqd/YmXkrgCByAJwWFq9Z4edcFdm459fMRvMOZ0BUXSJu2zbT0EZTiTo7
 ygLA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=shHwKRibXklpxfZXyelC17kMON66wGCpPZWxqTlMX1k=;
 b=IXaOkWU+w09sqfu9G0MQi3LgymfQd2pOY9B4qJFHhjCYannEZkCxgJg46kaXvJb/Xn
 pzmIUJeGH1qDYJ77skWSSJedEKlxwt8MEngNfz4yNYv/MTfZCdxE4MG4QVDHQKnHsSOg
 PEF1sWrVmehaEEpOe00zVVcFu42UJYrjKbrO1Noo3mPPJ1lZzLY7jzwkLhIjgx2sNCkp
 RY4PYrvDVaoUZdZlyj+1g/qG+XvR6hlpFx3ZHowR4RNGpUjnjqLPCNwt2Jv+A+83H6CO
 89Sy9GOmHNk91tRg15z8AN+SQ5ZDUn76H0pan3m8fyQB42uAdGUjEg+B8WPxvm0aEMVP
 4KQQ==
X-Gm-Message-State: AA6/9RmmbgJLt0VhuvTtAiYjUZDmitSNPuejdCUyQPipNqEtnSGV5WnDssE2vhftVurBwMdCJTxIW6mUWF8dMA==
X-Received: by 10.28.69.85 with SMTP id s82mr12249078wma.37.1475523533498;
 Mon, 03 Oct 2016 12:38:53 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.194.227.107 with HTTP; Mon, 3 Oct 2016 12:38:52 -0700 (PDT)
Received: by 10.194.227.107 with HTTP; Mon, 3 Oct 2016 12:38:52 -0700 (PDT)
In-Reply-To: <CAJEMUN9xcizd9rNYiZueg4gjRAcPxh4V_JZdaSt5jr-P4LRe-A@mail.gmail.com>
References: <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
 <CAJEMUN_tJ1KcCdmN7kjR+2ms5K4pbP9DYQi7mKNU5K=7bBGvDw@mail.gmail.com>
 <87k2fmyg16.fsf@users.sourceforge.net>
 <CAJEMUN_nkRgwCF7h03x=_jdHDLGqC+DBk0=3NNJhZTx5woW8gg@mail.gmail.com>
 <CAJEMUN-HMMJu1FTDrKEmn_8nOaMhDeE8Te2JuE7jVdvuqLtbNQ@mail.gmail.com>
 <CAJEMUN8Yryixpat2OL2+9tiTbfARC2eK8uhvSKPC7bNG4w=0PA@mail.gmail.com>
 <87shu6vi54.fsf@users.sourceforge.net> <83twemf550.fsf@gnu.org>
 <CAM-tV-9q6R32UcQ2na616F+dX3KfJ7BfR3ZGTzkUCLnO5wJQ9w@mail.gmail.com>
 <83twctnt12.fsf@gnu.org>
 <CAJEMUN9xcizd9rNYiZueg4gjRAcPxh4V_JZdaSt5jr-P4LRe-A@mail.gmail.com>
From: Demi Obenour <demiobenour@gmail.com>
Date: Mon, 3 Oct 2016 15:38:52 -0400
Message-ID: <CAJEMUN8+c9fjQmKWj8_h6aQ1jwo=2yebbnQuAi9wn=0QjiOaFg@mail.gmail.com>
Subject: Re: bug#19350: #19350 24.4; Incorrect quoting of %-signs for Windows
 command shell
To: Eli Zaretskii <eliz@gnu.org>
Content-Type: multipart/alternative; boundary=94eb2c0715b4127420053dfb1809
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 19350
Cc: 19350@debbugs.gnu.org, Noam Postavsky <npostavs@users.sourceforge.net>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 0.5 (/)

--94eb2c0715b4127420053dfb1809
Content-Type: text/plain; charset=UTF-8

I think we can assume that it will keep working in future versions of
cmd.exe, as MS won't break backwards compatibility here, and it seems to be
a consequence of documented parsing rules.

But yes, it would be great to just skip the shell.  I don't think we should
replace it either.  Lisp should always pass an argument list when creating
a process.

--94eb2c0715b4127420053dfb1809
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p dir=3D"ltr">I think we can assume that it will keep working in future ve=
rsions of cmd.exe, as MS won&#39;t break backwards compatibility here, and =
it seems to be a consequence of documented parsing rules.</p>
<p dir=3D"ltr">But yes, it would be great to just skip the shell.=C2=A0 I d=
on&#39;t think we should replace it either.=C2=A0 Lisp should always pass a=
n argument list when creating a process.</p>

--94eb2c0715b4127420053dfb1809--




From debbugs-submit-bounces@debbugs.gnu.org Thu Feb 08 19:17:27 2018
Received: (at 19350) by debbugs.gnu.org; 9 Feb 2018 00:17:27 +0000
Received: from localhost ([127.0.0.1]:34484 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1ejwNb-0002Fi-Jt
	for submit@debbugs.gnu.org; Thu, 08 Feb 2018 19:17:27 -0500
Received: from mail-it0-f52.google.com ([209.85.214.52]:36108)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <npostavs@gmail.com>)
 id 1ejwNZ-0002FQ-Go; Thu, 08 Feb 2018 19:17:25 -0500
Received: by mail-it0-f52.google.com with SMTP id n206so8647632itg.1;
 Thu, 08 Feb 2018 16:17:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=sender:from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version:content-transfer-encoding;
 bh=hDz+xRzfTKBWyEyRoivuyJKB4gHduOwDXZtGO4XypnU=;
 b=b/CFwzglLUo2ixonNTHeSutyrfxgjEfz/W2MRLTDVS+nHwSMudVUtOryjnBaaCpttW
 uCRhW7AzvlryaUdE34YNjPiaYKVFEzpe1XGfVivxDIl54xZ1vPP0qAeUSGGBk+Ezr4pQ
 95BXdjgH9oN3tKnoAQxDElHSwWYSvbPsf6CiBa7lweekaByz2gH1XfTvnzq+qxBGF0aB
 vCWVWkw2eKBdvjDV+Rke4SAw7B9M7x+CsMmmJBkIvKdiuWoCBhVEIzECZATe2CtjxtNh
 MWq8v87+1pWdptgKDJg+7CTIm8JHx0z3kqurwiv5qrYOmIg5IFCEtr+nwqFRjw1ikGxW
 EDow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:sender:from:to:cc:subject:references:date
 :in-reply-to:message-id:user-agent:mime-version
 :content-transfer-encoding;
 bh=hDz+xRzfTKBWyEyRoivuyJKB4gHduOwDXZtGO4XypnU=;
 b=ZkQCSQyq3QOOX298tStniMMOaLKV4tyR7jkBHY2MVPCfEogy7rGxvDCBy1q9B4P4c/
 GH9p3zkFysW8P2B3IeH/AQPGFAr9LQpa/6XElnM4YqbIMGLe8H5P/66Zls8Nq3AeOdKk
 QDz2vQpOAhWxtT4jJChbfyn4TrV7L0GlslIkmZ1adHQe7y3xvHg5s5eePzSi7RJRxqFG
 U9uMqhZsVHSbcoXCKEPZLMoP6xxt2kCOkiaVj0uSaDzvIRYtnVQ+0q2oddVV9qzSvm26
 sdlApYVXOxGfwWKUb8LGa5JRe/f0UrunEzfAWFyayhSUypyZQefozdUA0UllSsE6wtmK
 y3XA==
X-Gm-Message-State: APf1xPAybhXv7bWE82HafdR1Je3bBcRlEDR7bZ38ToHjRhiG9WKQkjNG
 9W96kNNSpJ6BffhC0reVu9eKZQ==
X-Google-Smtp-Source: AH8x226Q0ekAJXTIS74k+JIL4dI6r4K+BC8Z8k/QOfcrpkx7RrXEPJWssrw+FlNYBH0HOPy4UT25GA==
X-Received: by 10.36.87.197 with SMTP id u188mr1301726ita.87.1518135439598;
 Thu, 08 Feb 2018 16:17:19 -0800 (PST)
Received: from zebian (cbl-45-2-119-34.yyz.frontiernetworks.ca. [45.2.119.34])
 by smtp.googlemail.com with ESMTPSA id
 k75sm941854iod.27.2018.02.08.16.17.17
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Thu, 08 Feb 2018 16:17:18 -0800 (PST)
From: Noam Postavsky <npostavs@users.sourceforge.net>
To: Demi Obenour <demiobenour@gmail.com>
Subject: Re: bug#19350: #19350 24.4;
 Incorrect quoting of %-signs for Windows command shell
References: <CAM-tV-8P3SCQZ=DNfVCF+H-CrxQnr+DHnkuUzDoSDLTAdezHQw@mail.gmail.com>
 <CAJEMUN_tJ1KcCdmN7kjR+2ms5K4pbP9DYQi7mKNU5K=7bBGvDw@mail.gmail.com>
 <87k2fmyg16.fsf@users.sourceforge.net>
 <CAJEMUN_nkRgwCF7h03x=_jdHDLGqC+DBk0=3NNJhZTx5woW8gg@mail.gmail.com>
 <CAJEMUN-HMMJu1FTDrKEmn_8nOaMhDeE8Te2JuE7jVdvuqLtbNQ@mail.gmail.com>
 <CAJEMUN8Yryixpat2OL2+9tiTbfARC2eK8uhvSKPC7bNG4w=0PA@mail.gmail.com>
 <87shu6vi54.fsf@users.sourceforge.net> <83twemf550.fsf@gnu.org>
 <CAM-tV-9q6R32UcQ2na616F+dX3KfJ7BfR3ZGTzkUCLnO5wJQ9w@mail.gmail.com>
 <83twctnt12.fsf@gnu.org>
 <CAJEMUN9xcizd9rNYiZueg4gjRAcPxh4V_JZdaSt5jr-P4LRe-A@mail.gmail.com>
 <CAJEMUN8+c9fjQmKWj8_h6aQ1jwo=2yebbnQuAi9wn=0QjiOaFg@mail.gmail.com>
Date: Thu, 08 Feb 2018 19:17:16 -0500
In-Reply-To: <CAJEMUN8+c9fjQmKWj8_h6aQ1jwo=2yebbnQuAi9wn=0QjiOaFg@mail.gmail.com> (Demi
 Obenour's message of "Mon, 3 Oct 2016 15:38:52 -0400")
Message-ID: <878tc3dnjn.fsf@users.sourceforge.net>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.90 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.5 (/)
X-Debbugs-Envelope-To: 19350
Cc: 19350@debbugs.gnu.org, Eli Zaretskii <eliz@gnu.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 0.5 (/)

close 19350=20
quit

Demi Obenour <demiobenour@gmail.com> writes:

> But yes, it would be great to just skip the shell.=C2=A0 I don't think we
> should replace it either.=C2=A0 Lisp should always pass an argument list
> when creating a process.

The manual's description of shell-quote-argument has meanwhile got a
cross-reference to `(elisp) Security Considerations'.  I've added a
mention of this problem there, and an expected-to-fail test to make it
clear what the problem is.  With that, I'll close the bug.

[1: 2dd273b985]: 2018-02-08 19:10:11 -0500
  Mention that shell quoting of % on w32 may fail (Bug#19350)
  https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=3D2dd273b9853189f2=
105426cffa723ced7f329fb4




From unknown Sat Jun 21 03:21:48 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Fri, 09 Mar 2018 12:24:04 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator