GNU bug report logs - #19350
24.4; Incorrect quoting of %-signs for Windows command shell

Previous Next

Full log

View this message in rfc822 format

From: Demi Obenour <demiobenour <at> gmail.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 19350 <at> debbugs.gnu.org, Noam Postavsky <npostavs <at> users.sourceforge.net>
Subject: bug#19350: #19350 24.4; Incorrect quoting of %-signs for Windows command shell
Date: Wed, 17 Aug 2016 22:02:55 -0400

[Message part 1 (text/plain, inline)]

But *nix has no such feature, nor the associated gotcha.

On Aug 15, 2016 11:01 AM, "Eli Zaretskii" <eliz <at> gnu.org> wrote:

> > From: npostavs <at> users.sourceforge.net
> > Date: Sun, 14 Aug 2016 23:13:43 -0400
> > Cc: 19350 <at> debbugs.gnu.org
> >
> > Hmm, maybe we could fix this by making Emacs refuse to apply environment
> > variables with names ending in carets?
>
> I'm very much against disallowing perfectly valid (if rare) use cases
> just because someone malicious can take advantage of that.
>
> From my POV, as long as Emacs itself doesn't produce such shell
> commands and/or environment variables for any of its features,
> avoiding this becomes user's responsibility, just like when working at
> the shell prompt.  Of course, if we can find a reliable solution to
> the problem that doesn't take away features, that'd be better, but
> failing that, I'm okay with leaving this alone, perhaps documenting
> somewhere that using % in shell commands when there are environment
> variables ending in ^ could produce surprising results.
>
> Thanks.
>

[Message part 2 (text/html, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.