On 5/1/25 3:44 PM, Rob Landley wrote:
On 5/1/25 10:29, Chet Ramey wrote:On 4/30/25 6:23 PM, Rob Landley wrote:Somebody forwarded that to me from an exploit how-to site. It's apparently a trick used to subvert scripts that call things via absolute path to avoid malicious $PATH.I suppose if you can get a script to source an arbitrary file, you can do pretty much anything.$ command /usr/bin/whoami landley $ command() { echo nope; } $ command /usr/bin/whoami nope What was the _benefit_ of allowing / in command names?
I can't remember; it was 35 years ago. It's been that way since pre-1.0.
$ x() { echo hello; }; D=x; $D helloOK? Commands are parsed, then executed.To me, that seemed like analogous behavior working on the same line.
Not at all. The line is parsed into three commands and executed: 1. The shell function is created by the function definition command. 2. The variable D is given a value by the simple command. 3. The variable D is expanded as part of word expansion and the result is executed as a simple command. I don't see how you get much a similarity here, since there's nothing changed by the parser like in alias expansion.
Mostly the use of alias I've encountered seems to be things like alias ls='ls -l' allowing additional arguments, although ls() { ls -l "$@"; } seems like it could do it too.
Most of what aliases do can be done with shell functions. The bash man page says as much. The really tricky stuff is where you change how the shell parses a command. The _unique_ feature is stuff like:
$ alias ls='ls >' $ ls bash: syntax error near unexpected token `newline'
Yes: you can change the shell syntax. You can also introduce syntax errors; the POSIX description of `alias' contains some examples.
It works for prefix assignments but not: $ alias blah='echo hello' $ >file blah $ cat blah cat: blah: No such file or directory
What are you expecting this to do? Where do you create a file named `blah'? Maybe you meant `cat file', which would display `hello'.
$ bash -c $'echo $LINENO;alias a=b\necho $LINENO;a' 1 2 bash: line 2: a: command not foundAnywhere the shell executes a string (the command_string argument to `sh -c', `eval', command substitution bodies), it parses the entire string as a compound_list and then executes that list.I just did fmemopen(buf, strlen(buf), "r") and fed it to the same line reading loop as everything else. You're saying I should write extra code to behave differently for the special case.
You have agency here, Rob: you don't have to do anything you don't want to. I'm telling you what other shells -- including bash -- do and what POSIX says (most of it's unspecified).
And, of course: $ alias one=two $ on\e bash: one: command not foundWhen that is tokenized, the backslash is still part of the word, so it can't match an alias name.Only because:
No, the two are separate but related. POSIX doesn't allow alias substitution if any of the characters in the token are quoted, so it makes no sense to allow alias names that contain, for instance, a backslash. (POSIX also has other restrictions on alias names.)
$ alias on\\e=two bash: alias: `on\e': invalid alias name Which function definition _doesn't_ do...
Yes, bash is really liberal about what it allows in function names --
basically anything that you can put in a filename. POSIX says a conforming
application must ensure it's a `name', but allows implementations to extend
the allowed characters, and bash does.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU c...@case.edu http://tiswww.cwru.edu/~chet/
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
