On 30.08.2020 16:50, Greg Wooledge wrote:
> The evil thing here is code injection. Obviously eval is one way to > perform code injection, but it's not the *only* way. Eval itself isn't > evil; if anything, it's all of the other forms of code injection, > which people don't suspect, that are truly insidious. > > https://mywiki.wooledge.org/CodeInjection > https://mywiki.wooledge.org/BashWeaknesses > > You're trying to do something that you feel should be possible -- passing > an array to a function by reference. Every other language can do this, > right? So bash should be able to do this... right? Nope. > > Passing variables by reference (especially arrays) is one of the > major missing features of bash. Everyone wants it. Many, many people > have attempted it. The sheer insanity of some of the attempts is > astounding. > > https://fvue.nl/wiki/Bash:_Passing_variables_by_reference > > That's a slightly older page, but he found an exploit in "unset" which > does bizarre things when called at different function scope levels, and > managed to use it to manipulate the existence of variables at various > function scopes. > > If you absolutely *need* to pass a variable by reference, don't use bash. > That's the best advice I can give you. You are absolutely right, and I have understood this in the meantime. Unfortunately, there is a substantial amount of work (and thus, money) in these scripts, and there is a time line, so the moment where I could dump bash for Perl or Python has passed some time ago. Hence, I really have to finish these bash scripts, but I have learned my lesson and in the future won't use bash for anything that is more complex than a one-liner. Even though bash 5.1 seems to solve my current problem, I suspect that there are more surprises like this which I just haven't come across yet. Thank you very much, and best regards, Binarus