GNU bug report logs - #19350
24.4; Incorrect quoting of %-signs for Windows command shell

Previous Next

Full log

View this message in rfc822 format

From: Noam Postavsky <npostavs <at> users.sourceforge.net>
To: Demi Obenour <demiobenour <at> gmail.com>
Cc: 19350 <at> debbugs.gnu.org, Eli Zaretskii <eliz <at> gnu.org>
Subject: bug#19350: #19350 24.4; Incorrect quoting of %-signs for Windows command shell
Date: Thu, 18 Aug 2016 08:07:41 -0400

On Wed, Aug 17, 2016 at 10:02 PM, Demi Obenour <demiobenour <at> gmail.com> wrote:
> But *nix has no such feature [environment variables affect shell escaping], nor the associated gotcha.

I'm not sure what you're trying to point out here. Why does that
matter? We're talking about Windows, not *nix.

>
>
> On Aug 15, 2016 11:01 AM, "Eli Zaretskii" <eliz <at> gnu.org> wrote:
>>
>> > From: npostavs <at> users.sourceforge.net
>> > Date: Sun, 14 Aug 2016 23:13:43 -0400
>> > Cc: 19350 <at> debbugs.gnu.org
>> >
>> > Hmm, maybe we could fix this by making Emacs refuse to apply environment
>> > variables with names ending in carets?
>>
>> I'm very much against disallowing perfectly valid (if rare) use cases
>> just because someone malicious can take advantage of that.
>>
>> From my POV, as long as Emacs itself doesn't produce such shell
>> commands and/or environment variables for any of its features,
>> avoiding this becomes user's responsibility, just like when working at
>> the shell prompt.  Of course, if we can find a reliable solution to
>> the problem that doesn't take away features, that'd be better, but
>> failing that, I'm okay with leaving this alone, perhaps documenting
>> somewhere that using % in shell commands when there are environment
>> variables ending in ^ could produce surprising results.
>>
>> Thanks.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.