Package: bash Version: 2.05b-26 Severity: normal Echo does not support the '--' flag. It should to, otherwise any script containing the line:
echo "$x" is are prone to unexpected bugs, if $x is unexpectedly set to '-n', '-e', or '-E', '--help', or '--version'. If echo recognized '--', then a script could be written containing echo -- "$x" that would behave properly for all values of $x. There is a potential security risk, too, but it is a bit far fetched. It is possible that the ability to remove an expected newline (by setting x='-n') could be used to cause errors which someone might be able to take advantage of. The kind of place where problems are most likely to appear is in places like this: echo "$x" "$y" | program And, in case you think you can kluge around it, doing echo '' "$x" doesn't work. It immunizes you to unexpected values of x, but it inserts a space at the beginning of the output. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.8-2-686 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages bash depends on: ii base-files 3.1.2 Debian base system miscellaneous f ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libncurses5 5.4-4 Shared libraries for terminal hand ii passwd 1:4.0.3-31sarge1 change and administer password and -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
