Hello!
> well I doublechecked it .. and while you are right on the checked input, I
> am sure that
>
> if [ -z "=" ] ...
>
> shouldn't throw an error .. I also tried simple quotes (')
Yes, only one expression is no Problem in all shell implementations I have
tested.
> On the other hand, you are right no security issue.
That depends on the situation where the comparison is done.
> Because the right way
> to authenticate of course would be..
Both ways are right, yours are only more common.
> and this wouldn't be flawed by the error. I am still not sure, if this is
> meant to be.
The error handling of the shell interpreters are deferent, so you can't trust
on that.
> @Alina: Do you have reason to believe this isn't bug? If yes, why.
Whats isn't a bug? It's a design error. You can't implement a shell
interpreter, that is compatible with the current syntax and don't have the
Problem, that you can inject a expression with the value argument. It's like
strcpy() in C.
Regards
Alina
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
