Dominique Martinet wrote in <[email protected]>: |Keith Thompson wrote on Mon, Apr 03, 2023 at 10:15:40PM -0700: |> The GNU coreutils seq command recognizes and handles negative |> arguments. |> |> The busybox seq command does not. Any argument starting with a '-' |> character is assumed to be an option name. |> |> There is a (rather inconvenient) workaround: you can add a leading |> space, which is ignored. | |You can also use '--' to stop parsing options and feels a bit more |standard than leading spaces.
Yeah, the thing rather is that GNU getopt parses the command line and performs reorders. I never really looked, but since the (entire family of the) mailer i maintain earned a security advisory for possible option injection attacks i always wondered how secure that can be. Despite that one of SuSE's blocks against my mailer (to replace its hm predecessor) is that they want me to support a different argument order (as in "[:opts:] [:receiver:] [:opts:] instead of "[:opts:] [:receiver:]"), but i do not, 'having added -. to explicitly stop option processing (we do also support --, but that then separates arguments to be passed to the MTA, further on down the command line) in order to prevent such option injection attacks. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
