David A. Wheeler wrote in
 <f60236e0-f65a-4441-9e62-64ee55016...@dwheeler.com>:
 |> On Nov 5, 2024, at 11:12 PM, Solar Designer <so...@openwall.com> wrote:
 |> Alexander Hu, CC'ed here, sent a message titled "shell expansion bug" to
 |> the distros list and a few other distro security contacts and shell
 |> maintainers.  The message described known and correct behavior (not a
 |> bug), even if unexpected by some and risky.
 ...
 |
 |> Since this issue and other related ones were known for decades,
 |> getopt(3) and getopt_long(3), which are used by many programs, will stop
 |> processing options upon seeing a plain "--" argument.
 |
 |However, many programs do *not* use getopt or getopt_long to process
 |arguments.
 |Many programs support "--", but *not* all do, so using "--" as the sole
 |countermeasure requires careful review of every command's documentation.
 |
 |I urge always using "./" to prefix wildcards if the first character
 |is a wildcard, e.g., "./*.pdf", because this ALWAYS works.
 |
 |> ... over the years we gained things like ...
 |>
 |>   find . -mindepth 1 -maxdepth 1 -type f -print0 | xargs -0 grep text --
 |
 |The "-print0" and "-0" options have been widely implemented, but
 |POSIX 2024 finally formally adds them.  So I urge using them where they
 |make sense, as they counter embedded linefeed characters in filenames.
To add that the POSIX core developers mention (APPLICATION USAGE):

  It should be noted that using find with -print0 to pipe input to
  xargs -r0 is less safe than using find with -exec because if
  find -print0 is terminated after it has written a partial pathname,
  the partial pathname may be processed as if it was a complete
  pathname.

  ...

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
|
|And in Fall, feel "The Dropbear Bard"s ball(s).
|
|The banded bear
|without a care,
|Banged on himself fore'er and e'er
|
|Farewell, dear collar bear
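The three points argued in this thread (a glob that expands to an option-looking name, the "--" versus "./" countermeasures, and why -print0/-0 or -exec is needed for newlines in filenames) can be reproduced on constructed files in a scratch directory. The script below is an added example written for this page; it is not code from the thread or from any of its participants. It assumes a POSIX sh, an rm that refuses a directory without -r, a find with -mindepth/-maxdepth/-print0 and an xargs with -0 (GNU or BSD), and mktemp -d; the filenames "normal.txt", "-rf", "sub" and the newline-bearing "evil<LF>name.txt" are all constructed here.

```sh
#!/bin/sh
# Added example, not from the thread.  Demonstrates, on constructed files:
#   1. "rm *" becoming "rm -rf ..." because a file is named "-rf";
#   2. "rm -- *" (works where the command honors "--") and "rm ./*" (works
#      for every command, since "./-rf" cannot be parsed as an option);
#   3. a filename with an embedded newline splitting into two arguments in
#      "find | xargs", but surviving "find -print0 | xargs -0" and
#      "find -exec ... {} +".
set -u
LC_ALL=C; export LC_ALL   # bytewise glob order so "-rf" expands first

# Build a fresh scratch directory containing:
#   normal.txt          an ordinary file
#   -rf                 a file whose name looks like rm's options
#   sub/                an empty directory (rm refuses it without -r)
#   "evil<LF>name.txt"  a file with a newline in its name
make_scratch() {
    d=$(mktemp -d) || return 1
    : > "$d/normal.txt"
    : > "$d/-rf"
    mkdir "$d/sub"
    : > "$d/evil
name.txt"                 # the name really does contain a newline
    printf '%s\n' "$d"
}

# Run one spelling of rm in a fresh scratch directory and print what is
# left afterwards.  Mode "bare" is "rm *", "dashdash" is "rm -- *",
# "dotslash" is "rm ./*".  Errors are silenced so the survivors are the
# only output.
survivors_after_rm() {
    d=$(make_scratch) || return 1
    out=$(
        cd "$d" || exit 1
        case $1 in
            bare)     rm * 2>/dev/null || : ;;     # expands to: rm -rf evil... normal.txt sub
            dashdash) rm -- * 2>/dev/null || : ;;  # "--" ends option parsing; "-rf" is a file
            dotslash) rm ./* 2>/dev/null || : ;;   # "./-rf" is a path, never an option
        esac
        ls -A
    )
    rm -rf "$d"
    printf '%s\n' "$out"
}

# Count how many arguments actually reach the consumer command.  Mode
# "plain" is "find -print | xargs", "null" is "find -print0 | xargs -0",
# "exec" is "find -exec sh -c ... {} +" (no pipe at all, the form the
# POSIX note prefers).  The scratch directory holds three regular files.
args_seen_by_consumer() {
    d=$(make_scratch) || return 1
    case $1 in
        plain) n=$(find "$d" -mindepth 1 -maxdepth 1 -type f -print |
                   xargs sh -c 'echo "$#"' sh) ;;
        null)  n=$(find "$d" -mindepth 1 -maxdepth 1 -type f -print0 |
                   xargs -0 sh -c 'echo "$#"' sh) ;;
        exec)  n=$(find "$d" -mindepth 1 -maxdepth 1 -type f \
                   -exec sh -c 'echo "$#"' sh {} +) ;;
    esac
    rm -rf "$d"
    printf '%s\n' "$n"
}

for mode in bare dashdash dotslash; do
    printf 'rm (%s): survivor = %s\n' "$mode" "$(survivors_after_rm "$mode")"
done
for mode in plain null exec; do
    printf 'find (%s): consumer saw %s argument(s)\n' "$mode" "$(args_seen_by_consumer "$mode")"
done
```

In the "bare" case the only survivor is the "-rf" file itself: it was consumed as an option, rm exited 0, and the directory went with everything else, which is exactly why the thread calls this behavior correct but risky. Both "--" and "./" leave "sub" standing because rm then sees "-rf" as an operand; only "./" makes no assumption about the command's option parser. For the newline case, the plain pipeline reports four arguments for three files, while "-0" and "-exec ... {} +" both report three; of the two, "-exec" also avoids the partial-pathname window the quoted POSIX note describes, because find never serializes the names into a byte stream at all.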