"Adam D. Barratt" <a...@adam-barratt.org.uk> writes:

> On Thu, 2009-06-04 at 14:14 +0200, Bill Allombert wrote:
>> Consider this example: the safe "printf" way to do
>> echo $BAR
>> is
>> printf "%s\n" "$BAR"
>> 
>> (in case BAR holds a value like BAR="%s a")
>> So printf is slightly unwieldy to use and it can create
>> a format string attack.

But at least one can make it safe even with user input. "echo $BAR"
can never be safe.

> It does, however, have the advantage of working if BAR contains "-E".
> (This isn't a contrived example, it's why I recently changed the parsing
> of DEBUILD_LINTIAN_OPTS to use printf rather than echo; if there's a
> sane way of printing "-E" using echo I'd love to know what it is).
>
> Regards,
>
> Adam

bash:
$ echo - -E
- -E
$ echo -- -E
-- -E

zsh:
% echo - -E 
-E
% echo -- -E
-- -E

So I would have to say "echo -- -E | cut -b4-". Isn't that fun.
The same problem arises with -e and -n. And --help and --version are
fun too. gnu echo has them, others don't.
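The three forms discussed in this thread side by side, as an added example (POSIX sh, not code from any of the posters): `echo "$BAR"` parses the value for options, `printf "$BAR"` treats the value as a format string, and `printf '%s\n' "$BAR"` prints it verbatim. The sample values are constructed; the function names are mine.

```shell
#!/bin/sh
# Added example, not from the thread. Demonstrates why a fixed printf
# format is the only form that prints an arbitrary value faithfully.

# Safe: the format string is a literal, so the value can be neither an
# option (-n, -e, -E, --help) nor a format directive (%s, %n).
safe_print() {
    printf '%s\n' "$1"
}

# The form the thread warns against: echo parses its argument for
# options, and which options it honours differs between shells.
unsafe_echo() {
    echo "$1"
}

# The other form the thread warns against: the value becomes the
# format string, so "%s a" prints " a" (the %s consumes a missing,
# hence empty, argument) instead of the literal text.
unsafe_printf() {
    printf "$1"
}

# Print a small comparison table over constructed sample values.
demo() {
    for v in '-E' '-n' '-e' '--help' '%s a' 'plain text'; do
        printf 'value=[%s] echo=[%s] printf_fmt=[%s] safe=[%s]\n' \
            "$v" "$(unsafe_echo "$v")" "$(unsafe_printf "$v")" "$(safe_print "$v")"
    done
    # The "--" workaround from the thread does not end option parsing
    # for echo; it is printed as data.
    printf 'echo -- -E gives [%s]\n' "$(echo -- -E)"
}

demo
```

Run it under bash, dash and zsh to see the `echo` column change from shell to shell while the `safe` column stays identical; that variation is the portability problem the thread describes, and the fixed-format printf is the fix.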
