[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bash $@ Parameter Variable Breaking Out of Strings
|
From: |
Greg Wooledge |
|
Subject: |
Re: Bash $@ Parameter Variable Breaking Out of Strings |
|
Date: |
Tue, 22 Mar 2016 11:51:09 -0400 |
|
User-agent: |
Mutt/1.4.2.3i |
On Tue, Mar 22, 2016 at 11:35:46AM -0400, Adam Danischewski wrote:
> function update() {
> local -i VAR=45
> local -i TOPSECRET_NUMBER=50 ## No one can know about.
> VAR+=${1}
> echo $VAR
> }
>
> $ update 0
> 45
> $ update TOPSECRET_NUMBER
> 95
>
> ## Successfully deduce that TOPSECRET_NUMBER is 50
> ## Instead could be CC_NUM, CCARD, SessionID, CrToken, etc.
This is a problem with your code, not with bash. If you don't want
a function's secrets to be revealed to the caller, then don't write
output which reveals those secrets.
If you choose to interpret $1 as a variable name, and evaluate that
variable, as you are doing here, then you may need to reject $1 if
it names a variable that you don't like.
I still do not understand the intent of this function. You still
appear to be playing around with "passing variables by reference",
which is still not possible to do safely.
It would help if you'd say what you are trying to do.