coreutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: dircolors man page should mention proper quoting


From: Eric Blake
Subject: Re: dircolors man page should mention proper quoting
Date: Tue, 28 Jun 2016 11:22:38 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

On 06/28/2016 10:50 AM, Reuti wrote:

> 
> Ok, I see the point in ssh-agent not including the single quotation marks. 
> But enclosing the complete output across several lines into quotation marks 
> doesn't seem to change anything:
> 
> $ unset sock
> $ cat foo.sh
> echo -n sock=\'xx xx/baz\'\;' '

'echo -n' is not portable, get used to printf(1) instead.

> echo export sock\;
> $ ./foo.sh
> sock='xx xx/baz'; export sock;
> $ eval `./foo.sh`
> $ echo $sock
> xx xx/baz
> $ unset sock
> $ eval "`./foo.sh`"
> $ echo $sock
> xx xx/baz

Perhaps another example would help. And maybe I should check my facts -
the real problem is not word splitting so much as globbing.

$ cat foo.sh
echo "sock='foo.?h'"
$ touch "sock='foo.ah'"
$ ./foo.sh
sock='foo.?h'
$ eval `./foo.sh`
$ echo "$sock"
foo.ah
$ eval "`./foo.sh`"
$ echo "$sock"
foo.?h

See how the glob converted my command line into the globbed filename,
when `` was unquoted, vs. my intended value with a shell metacharacter
when `` was quoted.

All it takes is for someone to set TMPDIR to such a filename, and then
provide a filename that globs incorrectly, for the unquoted version to
possibly cause unintended behavior.

And that's why the documentation should be fixed to always recommend
quoting, even if the corner cases where it matters are hard to encounter.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]