Date: Fri, 19 Nov 2021 13:40:16 -0600
From: Eric Blake
Message-ID: <2029194016.5xn6gydfbtwmv...@redhat.com>
| According to POSIX, perl should REALLY be passing a "--" argument
| between "-c" and the scalar string given by the user; see
| https://www.austingrou
On Fri, 19 Nov 2021 13:40:16 -0600
Eric Blake wrote:
> On Fri, Nov 19, 2021 at 03:56:21PM +, Kerin Millar wrote:
> > On Fri, 19 Nov 2021 10:05:39 -0500
> > Marshall Whittaker wrote:
> >
> > > Fair. I'm not saying anyone has to change it, but I will call out what I
> > > think is a design fl
(Copying the list back in ...)
On Fri, 19 Nov 2021 17:37:54 +0100
Andreas Kusalananda Kähäri wrote:
> On Fri, Nov 19, 2021 at 03:56:21PM +, Kerin Millar wrote:
> > On Fri, 19 Nov 2021 10:05:39 -0500
> > Marshall Whittaker wrote:
> >
> > > Fair. I'm not saying anyone has to change it, but I
On Fri, Nov 19, 2021 at 03:56:21PM +, Kerin Millar wrote:
> On Fri, 19 Nov 2021 10:05:39 -0500
> Marshall Whittaker wrote:
>
> > Fair. I'm not saying anyone has to change it, but I will call out what I
> > think is a design flaw. But this is going to turn into some philosophical
> > discussi
On Fri, 19 Nov 2021 10:05:39 -0500
Marshall Whittaker wrote:
> Fair. I'm not saying anyone has to change it, but I will call out what I
> think is a design flaw. But this is going to turn into some philosophical
> discussion as to whether it should have been done this way from the start.
> That
Fair. I'm not saying anyone has to change it, but I will call out what I
think is a design flaw. But this is going to turn into some philosophical
discussion as to whether it should have been done this way from the start.
That I don't know, and hold no responsibility for, as I'm not a bash dev,
I'
(Copying the list back in ...)
On Fri, 19 Nov 2021 07:19:29 -0500
Marshall Whittaker wrote:
> Though I do disagree with you, this is the only message in this thread that
> even makes sense.
Firstly, rm * is a valid - albeit unsafe - simple command, and one that is
easily rectified. Secondly, t
On Fri, Nov 19, 2021 at 12:53 PM Marshall Whittaker <
marshallwhitta...@gmail.com> wrote:
> You could argue that bash should parse filenames globbed from * that start
> with - and exclude them specifically,
>
Or a shell could prepend ./ to all globs relative globs. Not sure if that
would change t
On 19/11/2021 10:53, Marshall Whittaker wrote:
You could argue that bash should parse filenames globbed from * that start
with - and exclude them specifically, so I'll have to respectfully
disagree.
One could, but it would not make for a compelling argument. Define
GLOBIGNORE, if you insist.
dude, again, --version is not bash's arg, cp and touch et al. are not bash
and what you do there is start a suid bash
is that such a wonder?
On Fri, Nov 19, 2021, 11:53 Marshall Whittaker
wrote:
> You could argue that bash should parse filenames globbed from * that start
> with - and exclude them s
You could argue that bash should parse filenames globbed from * that start
with - and exclude them specifically, so I'll have to respectfully
disagree. Also, it is not the programs doing the parsing of *, that is a
function of bash. Try typing * in just your terminal/command line and see
what hap
On 11/17/21 4:16 AM, Marshall Whittaker wrote:
> This shouldn't happen because you can drop a file and then redirect
> other code for example calling a script if you only have access to drop
> a file. Say a cronjob was running every hour, and it did rm * on some
> folder, by expansion, you could
On Wed, Nov 17, 2021 at 03:47:15PM +0200, Ilkka Virta wrote:
> I don't see this in BashFAQ, though. Is it because it's not strictly about
> Bash? Greg?
https://mywiki.wooledge.org/BashPitfalls#pf3
On Wed, Nov 17, 2021 at 2:42 PM Marshall Whittaker <
marshallwhitta...@gmail.com> wrote:
> [marshall@jerkon]{04:09 AM}: [~/bashful] $ touch -- '--version'
> [marshall@jerkon]{04:09 AM}: [~/bashful] $ rm *
> rm (GNU coreutils) 8.30
> Copyright (C) 2018 Free Software Foundation, Inc.
> License GPLv3
this is due to parsing of args by specific app, -- arg indicates
end-of-switches
On Wed, Nov 17, 2021, 13:41 Marshall Whittaker
wrote:
> Software: bash
> Version: 5.0.17(1)-release (x86_64-pc-linux-gnu)
>
> --- SNIP ---
> [marshall@jerkon]{04:09 AM}: [~/bashful] $ touch -- '--version'
> [marshal
Software: bash
Version: 5.0.17(1)-release
--- SNIP ---
[marshall@jerkon]{04:09 AM}: [~/bashful] $ touch -- '--version'
[marshall@jerkon]{04:09 AM}: [~/bashful] $ touch a && mkdir b
[marshall@jerkon]{04:09 AM}: [~/bashful] $ ls -l
total 4
-rw-rw-r-- 1 marshall marshall 0 Nov 17 04:09 a
drwxrwxr-x
On Wed, Nov 17, 2021 at 04:16:36AM -0500, Marshall Whittaker wrote:
> --- SNIP ---
> [marshall@jerkon]{04:09 AM}: [~/bashful] $ touch -- '--version'
> [marshall@jerkon]{04:09 AM}: [~/bashful] $ mv * b
This isn't a vulnerability in bash. It's a bug in your script.
Use this instead: mv -- * b
Software: bash
Version: 5.0.17(1)-release (x86_64-pc-linux-gnu)
--- SNIP ---
[marshall@jerkon]{04:09 AM}: [~/bashful] $ touch -- '--version'
[marshall@jerkon]{04:09 AM}: [~/bashful] $ touch a && mkdir b
[marshall@jerkon]{04:09 AM}: [~/bashful] $ ls -l
total 4
-rw-rw-r-- 1 marshall marshall 0 No