Re: incorrect character handling
On 2021/03/30 13:54, Lawrence Velázquez wrote: Further reading: https://mywiki.wooledge.org/BashPitfalls#echo_.22Hello_World.21.22 --- I find that disabling history expansion via '!' at bash-build time is the most ideal solution, since someone preferring 'csh' would likely still be using csh or some compatible -- and bash isn't generally recognized as being csh compatible, but rather posix-sh compatible.
Re: incorrect character handling
On Tue, Mar 30, 2021, at 4:50 PM, Greg Wooledge wrote: > On Wed, Mar 31, 2021 at 02:31:46AM +0700, by.sm--- via Bug reports for > the GNU Bourne Again SHell wrote: > > poc=whoami > > $poc > > python3 -c "print('!!')" > > > > That return 'whoami' command. > > You're running into the csh-style history expansion. A lot of us simply > disable it, because it's not worth the effort it takes to work around it. > > set +o histexpand > > > If you insist on keeping it, and working around it, the key is to > understand that single quotes will protect you, but double quotes may > not. > > echo 'hi!' > > echo "hi!" Further reading: https://mywiki.wooledge.org/BashPitfalls#echo_.22Hello_World.21.22 vq
Re: incorrect character handling
On Wed, Mar 31, 2021 at 02:31:46AM +0700, by.sm--- via Bug reports for the GNU Bourne Again SHell wrote: > poc=whoami > $poc > python3 -c "print('!!')" > > That return 'whoami' command. You're running into the csh-style history expansion. A lot of us simply disable it, because it's not worth the effort it takes to work around it. set +o histexpand If you insist on keeping it, and working around it, the key is to understand that single quotes will protect you, but double quotes may not. echo 'hi!' echo "hi!" The actual behavior of ! (history expansions) inside double quotes has changed across bash versions, so you may have more problems, or fewer problems, depending on your bash version. But there will never be zero problems.
Re: incorrect character handling
On Tue, Mar 30, 2021 at 1:38 PM by.sm--- via Bug reports for the GNU Bourne Again SHell wrote: > > Configuration Information [Automatically generated, do not change]: > Machine: x86_64 > OS: darwin18.7.0 > Compiler: clang > Compilation CFLAGS: -DSSH_SOURCE_BASHRC > uname output: Darwin Mac 18.6.0 Darwin Kernel Version 18.6.0: Thu Apr 25 > 23:16:27 PDT 2019; root:xnu-4903.261.4~2/RELEASE_X86_64 x86_64 > Machine Type: x86_64-apple-darwin18.7.0 > > Bash Version: 5.1 > Patch Level: 4 > Release Status: release > > Description: > Bash (zsh/ash/etc) has incorrect character handling, when spec > symbols use in another program and work with stdout. Problem with command > "!!", "!", "$", etc. > > Example: use standart output to console by python3: > python3 -c "print('ls')" > > It's return ls to stdout. But if i print something like: > python3 -c "print('wow, it\'s working !!)" > > bash will process "!!" like a command and substitute the previous command. Yes, this is a feature! It's called "history substitution" and it's enabled by default on interactive shells. You can read more about it in the bash manual. If you don't need this behavior, you can turn it off with: set +H
incorrect character handling
Configuration Information [Automatically generated, do not change]: Machine: x86_64 OS: darwin18.7.0 Compiler: clang Compilation CFLAGS: -DSSH_SOURCE_BASHRC uname output: Darwin Mac 18.6.0 Darwin Kernel Version 18.6.0: Thu Apr 25 23:16:27 PDT 2019; root:xnu-4903.261.4~2/RELEASE_X86_64 x86_64 Machine Type: x86_64-apple-darwin18.7.0 Bash Version: 5.1 Patch Level: 4 Release Status: release Description: Bash (zsh/ash/etc) has incorrect character handling, when spec symbols use in another program and work with stdout. Problem with command "!!", "!", "$", etc. Example: use standart output to console by python3: python3 -c "print('ls')" It's return ls to stdout. But if i print something like: python3 -c "print('wow, it\'s working !!)" bash will process "!!" like a command and substitute the previous command. Will work the same way constructions like: poc=whoami $poc python3 -c "print('!!')" That return 'whoami' command. Repeat-By: I checked this bug in python3 (is an examples above), with command echo and with command git commit -m "commit!!" All command return stdout with previous command. This can be used for bypass something local settings, like a ban on executable command, like run command with NOPASSWD param and so on. Fix: [Description of how to fix the problem. If you don't know a fix for the problem, don't include this section.]