From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id 6O3MFtjfzWGZtAAAgWs5BA (envelope-from ) for ; Thu, 30 Dec 2021 17:35:36 +0100 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id CN8sFNjfzWG2WwAA9RJhRA (envelope-from ) for ; Thu, 30 Dec 2021 17:35:36 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id CD9A91BB27 for ; Thu, 30 Dec 2021 17:35:35 +0100 (CET) Received: from localhost ([::1]:34912 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1n2yOr-0001fK-J3 for larch@yhetil.org; Thu, 30 Dec 2021 11:35:34 -0500 Received: from eggs.gnu.org ([209.51.188.92]:50580) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n2yNZ-0001fC-1v for emacs-orgmode@gnu.org; Thu, 30 Dec 2021 11:34:13 -0500 Received: from ciao.gmane.io ([116.202.254.214]:54470) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n2yNX-0003Me-Cs for emacs-orgmode@gnu.org; Thu, 30 Dec 2021 11:34:12 -0500 Received: from list by ciao.gmane.io with local (Exim 4.92) (envelope-from ) id 1n2yNU-0005sW-Gx for emacs-orgmode@gnu.org; Thu, 30 Dec 2021 17:34:08 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: emacs-orgmode@gnu.org From: Max Nikulin Subject: Re: [PATCH] ob-maxima.el: Fix execution on MS Windows Date: Thu, 30 Dec 2021 23:33:58 +0700 Message-ID: References: <53a33993-2e62-2600-ee28-7c3d886de678@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0 In-Reply-To: <53a33993-2e62-2600-ee28-7c3d886de678@gmail.com> Content-Language: en-US Received-SPF: pass client-ip=116.202.254.214; envelope-from=geo-emacs-orgmode@m.gmane-mx.org; helo=ciao.gmane.io X-Spam_score_int: 17 X-Spam_score: 1.7 X-Spam_bar: + X-Spam_report: (1.7 / 5.0 requ) DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, FORGED_MUA_MOZILLA=2.309, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, NICE_REPLY_A=-3.024, NML_ADSP_CUSTOM_MED=0.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-orgmode@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-orgmode-bounces+larch=yhetil.org@gnu.org Sender: "Emacs-orgmode" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1640882136; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=tdRpTqLGy+5kdmDosvedMLeR1Vwr/8V5VmQBwHFmaoM=; b=KVmaLyXV9Mv8d578PA94Mh47lfjRs9wp848jK34FvcSwovlsEb7p1GBFoInO0a7R2XMEAh r/i7rarVSX4PW2X0QhUQDNl1HsyY+y//r6prrdSsde7B/b6/t7ZsTvR7rJzLysfJJjkBr3 j/E0l6G5kfKHRJM9baFv4UgYhb4+W5r18xA/+muKe+WsiaW+4WrqzRpRNqgR/QYp1nQLl1 DvlSMerQJtAZoGXA7IS0rV1CNYyBVUD3Kp+2H9e32Olm0XUIDPfvBaSdpOB5uXxfJ1lqFl Jf+hlUUn/D12kE4KBKa/dNuDahDAFv9VcAi72eXojEGLp3iKx430SmMm43cRAQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1640882136; a=rsa-sha256; cv=none; b=nIGuHarhXWIBF5eoI7jG6F/gLnlH+qwac9hOtRWPY1BdKZHIqI92Kw4whXr0DqWecnx+dK bbQmDBopJ2P3iFfzuXmZJnY8EXkRr1z9vZ77LADtdAE8jxArMjT8DBf5rBirtdbcoz3fsO 9jK3zYgAJf2PhkS+2vGWhDTifRPVizDbT6uDvkbesapn2UfinhPvFpMV1Uy9vGSxKxYF62 ghbJM3bY0KW3LhvsAGgG4mD+PMJtsNpjLovCVgRaRlA+g0E9xect0oaP4z+fKMehwqA9Ak qoPsG+KXHs2iumLEudXFsO6YXJmy1dnHyO7x0lYXOsDZQkf89QBtYOkrWnRNJA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -2.47 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: CD9A91BB27 X-Spam-Score: -2.47 X-Migadu-Scanner: scn1.migadu.com X-TUID: fNoSTrFcc+c7 On 30/12/2021 01:37, Nikolay Kudryavtsev wrote: > If your temporary-file-directory is something like "/tmp/apostrophe'", > it would not work currently either. So apostrophe is a very special case > here. > > As for possible evaluation within the double quotes, while this is > theoretically possible, user sort of has to go out of his way to trigger > it, so the question is whether we should introduce any platform-specific > code to mitigate such an obscure case? Then we are also limited by > Maxima itself since it has to be able to read that path too and it's > very picky when it comes to file paths. I am not a committer, so it is up to the maintainers to decide if your patch is suitable. My intention is to draw attention to the issue, however they may tolerate it. I have not experimented with remote execution of babel code blocks using tramp, so I may be unaware of some specific, e.g. execution using ssh almost certainly assumes shell command and interface with list of arguments may not be available. When some external data is substituted into a Maxima command (batchload this case) there should be an extra pass of escaping that protects special characters like quotes (and backslashes?) accordingly to Maxima rules. I expect that %S formatter does a trick by adding quotes around the string argument and adding backslashes before quote characters and backslashes inside. I suspect that quotes your added around %S must not be used there. Due to them file name appears outside of quotes at all. This error is hidden unless at least a space character presents in temporary directory path. Unsure concerning Maxima but usually it is possible to pass arguments avoiding quoting issues for particular language. A couple of examples with inline code snippets emacs -Q --batch --eval '(message "bl(%S)$" (car argv))' 'a"b\c.txt' sh -c 'printf "bl(%s)\$\n" "$1"' 'sh' 'a"bc\d.txt' Maybe there is a way to pass file name as a separate argument (without combining it with command) to Maxima as well. In my opinion, platform-specific code should be avoided when possible. Even `shell-quote-argument' may be better. I would prefer e.g. `call-process' from info "(elisp) Synchronous Processes" https://www.gnu.org/software/emacs/manual/html_node/elisp/Synchronous-Processes.html , but I am realizing that it may require more changes in babel or even to cause problems with tramp. Double quotes open issues with injection of commands in backticks `rm something`, $variable expansion and other constructs. I hope, `shell-quote-argument' is reliable enough. P.S. https://xkcd.com/327/ Exploits of a Mom