Re: dircolors man page should mention proper quoting
From: Eric Blake
Subject: Re: dircolors man page should mention proper quoting
Date: Tue, 28 Jun 2016 11:22:38 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

On 06/28/2016 10:50 AM, Reuti wrote:
>
> Ok, I see the point in ssh-agent not including the single quotation marks.
> But enclosing the complete output across several lines into quotation marks
> doesn't seem to change anything:
>
> $ unset sock
> $ cat foo.sh
> echo -n sock=\'xx xx/baz\'\;' '

'echo -n' is not portable, get used to printf(1) instead.

> echo export sock\;
> $ ./foo.sh
> sock='xx xx/baz'; export sock;
> $ eval `./foo.sh`
> $ echo $sock
> xx xx/baz
> $ unset sock
> $ eval "`./foo.sh`"
> $ echo $sock
> xx xx/baz

Perhaps another example would help. And maybe I should check my facts -
the real problem is not word splitting so much as globbing.

$ cat foo.sh
echo "sock='foo.?h'"
$ touch "sock='foo.ah'"
$ ./foo.sh
sock='foo.?h'
$ eval `./foo.sh`
$ echo "$sock"
foo.ah
$ eval "`./foo.sh`"
$ echo "$sock"
foo.?h

See how the glob converted my command line into the globbed filename,
when `` was unquoted, vs. my intended value with a shell metacharacter
when `` was quoted.

All it takes is for someone to set TMPDIR to such a filename, and then
provide a filename that globs incorrectly, for the unquoted version to
possibly cause unintended behavior.

And that's why the documentation should be fixed to always recommend
quoting, even if the corner cases where it matters are hard to encounter.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
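
The comparison from the message above as a self-contained script (an added example, not part of the original message or of coreutils; `emit`, `make_fixture`, `eval_unquoted` and `eval_quoted` are hypothetical names and the fixture file is constructed). The second value, with two consecutive spaces, goes beyond the message's case and shows that the unquoted form also loses whitespace runs.

```shell
#!/bin/sh
# Added illustration. emit stands in for a tool that prints shell
# assignments for eval; it emits the value held in $VALUE.
emit() {
    printf "sock='%s'\n" "$VALUE"
}

# Constructed fixture: a scratch directory holding one file whose name
# matches the glob formed by emit's output for the value foo.?h
make_fixture() {
    d=$(mktemp -d) || return 1
    : > "$d/sock='foo.ah'"
    printf '%s\n' "$d"
}

# $1 = value to emit, $2 = directory to run in; prints the resulting $sock.
# Each function body is a subshell, so cd and sock do not leak to the caller.
eval_unquoted() (
    VALUE=$1
    cd "$2" || exit 1
    unset sock
    eval `emit`        # output is field-split and globbed before eval sees it
    printf '%s\n' "$sock"
)

eval_quoted() (
    VALUE=$1
    cd "$2" || exit 1
    unset sock
    eval "`emit`"      # output reaches eval as one word, unsplit and unglobbed
    printf '%s\n' "$sock"
)

dir=$(make_fixture) || exit 1
for v in 'foo.?h' 'xx  xx/baz'; do
    printf 'value=[%s]\n  unquoted -> [%s]\n  quoted   -> [%s]\n' \
        "$v" "$(eval_unquoted "$v" "$dir")" "$(eval_quoted "$v" "$dir")"
done
rm -rf "$dir"
```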