On 11/5/24 11:12 PM, Solar Designer wrote: > So there's no bug in the shells here, but bugs of this kind are common > in shell usage (omitting the "--" argument where it's needed, usage of > wildcard expansion where that is unnecessary, etc.) > > Can the shells do anything to mitigate this? I think not without > breaking compatibility. The only not-too-unreasonable change I can > think of is wildcard expansion prefixing filenames with "./", maybe only > those that start with "-" and maybe not when used with builtin "echo".
Well, to be fair the shell already does exactly this if you do grep text ./* > Since this didn't feel too unreasonable, I actually tested many shells > to see whether any possibly already do this (with "/bin/echo *") - but I > found none that do, at least not by default. I expect this would break > e.g. explicit comparisons of expanded filenames for equality (to some > expected filenames the script or another program checks for later) and > uses of the filesystem as poor man's database (which scripts sometimes > do). Maybe an opt-in mode or a future shell that doesn't need to stay > 100% compatible with prior shells could do this, but even then I worry > that it would encourage practices that would remain unsafe elsewhere. > > I'll include some excerpts from the distros list discussion below: No current shells are permitted to do it at all, if they are POSIX sh compatible -- POSIX mandates a specific outcome: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_13_03 * cannot match the directory separator, it is not an option that implementations are allowed to be flexible on, unless the shell implements an opt-in mode such as bash's "globstar" that explicitly asks for non-POSIX behavior. The issue then would become that no one would remember or bother to set it, even if they wanted it. :) -- Eli Schwartz
OpenPGP_signature.asc
Description: OpenPGP digital signature
