Re: incorrect character handling
On 2021/03/30 13:54, Lawrence Velázquez wrote: Further reading: https://mywiki.wooledge.org/BashPitfalls#echo_.22Hello_World.21.22 --- I find that disabling history expansion via '!' at bash-build time is the most ideal solution, since someone preferring 'csh' would likely still be using csh or some compatible -- and bash isn't generally recognized as being csh compatible, but rather posix-sh compatible.
Re: incorrect character handling
On Tue, Mar 30, 2021, at 4:50 PM, Greg Wooledge wrote:
> On Wed, Mar 31, 2021 at 02:31:46AM +0700, by.sm--- via Bug reports for
> the GNU Bourne Again SHell wrote:
> > poc=whoami
> > $poc
> > python3 -c "print('!!')"
> >
> > That return 'whoami' command.
>
> You're running into the csh-style history expansion. A lot of us simply
> disable it, because it's not worth the effort it takes to work around it.
>
> set +o histexpand
>
>
> If you insist on keeping it, and working around it, the key is to
> understand that single quotes will protect you, but double quotes may
> not.
>
> echo 'hi!'
>
> echo "hi!"
Further reading:
https://mywiki.wooledge.org/BashPitfalls#echo_.22Hello_World.21.22
vq
Re: incorrect character handling
On Wed, Mar 31, 2021 at 02:31:46AM +0700, by.sm--- via Bug reports for the GNU
Bourne Again SHell wrote:
> poc=whoami
> $poc
> python3 -c "print('!!')"
>
> That return 'whoami' command.
You're running into the csh-style history expansion. A lot of us simply
disable it, because it's not worth the effort it takes to work around it.
set +o histexpand
If you insist on keeping it, and working around it, the key is to
understand that single quotes will protect you, but double quotes may
not.
echo 'hi!'
echo "hi!"
The actual behavior of ! (history expansions) inside double quotes has
changed across bash versions, so you may have more problems, or fewer
problems, depending on your bash version. But there will never be
zero problems.
Re: incorrect character handling
On Tue, Mar 30, 2021 at 1:38 PM by.sm--- via Bug reports for the GNU
Bourne Again SHell wrote:
>
> Configuration Information [Automatically generated, do not change]:
> Machine: x86_64
> OS: darwin18.7.0
> Compiler: clang
> Compilation CFLAGS: -DSSH_SOURCE_BASHRC
> uname output: Darwin Mac 18.6.0 Darwin Kernel Version 18.6.0: Thu Apr 25
> 23:16:27 PDT 2019; root:xnu-4903.261.4~2/RELEASE_X86_64 x86_64
> Machine Type: x86_64-apple-darwin18.7.0
>
> Bash Version: 5.1
> Patch Level: 4
> Release Status: release
>
> Description:
> Bash (zsh/ash/etc) has incorrect character handling, when spec
> symbols use in another program and work with stdout. Problem with command
> "!!", "!", "$", etc.
>
> Example: use standart output to console by python3:
> python3 -c "print('ls')"
>
> It's return ls to stdout. But if i print something like:
> python3 -c "print('wow, it\'s working !!)"
>
> bash will process "!!" like a command and substitute the previous command.
Yes, this is a feature! It's called "history substitution" and it's
enabled by default on interactive shells. You can read more about it
in the bash manual. If you don't need this behavior, you can turn it
off with: set +H
incorrect character handling
Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: darwin18.7.0
Compiler: clang
Compilation CFLAGS: -DSSH_SOURCE_BASHRC
uname output: Darwin Mac 18.6.0 Darwin Kernel Version 18.6.0: Thu Apr 25
23:16:27 PDT 2019; root:xnu-4903.261.4~2/RELEASE_X86_64 x86_64
Machine Type: x86_64-apple-darwin18.7.0
Bash Version: 5.1
Patch Level: 4
Release Status: release
Description:
Bash (zsh/ash/etc) has incorrect character handling, when spec symbols
use in another program and work with stdout. Problem with command "!!", "!",
"$", etc.
Example: use standart output to console by python3:
python3 -c "print('ls')"
It's return ls to stdout. But if i print something like:
python3 -c "print('wow, it\'s working !!)"
bash will process "!!" like a command and substitute the previous command.
Will work the same way constructions like:
poc=whoami
$poc
python3 -c "print('!!')"
That return 'whoami' command.
Repeat-By:
I checked this bug in python3 (is an examples above), with command echo
and with command git commit -m "commit!!"
All command return stdout with previous command. This can be used for bypass
something local settings, like a ban on executable command, like run command
with NOPASSWD param and so on.
Fix:
[Description of how to fix the problem. If you don't know a
fix for the problem, don't include this section.]
