--- Begin Message ---
Subject: |
"sed -i '...' -" in git head |
Date: |
Thu, 13 Aug 2015 15:15:26 +0100 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
Hello,
about this commit:
> commit c033bdee411128dfebfea1974d1ee3c1d9eac572
> Author: Jim Meyering <address@hidden>
> Date: Sat Jun 20 07:38:49 2015 -0700
>
> sed -i: do not treat "-" as a file name
the behaviour was aligned with perl's (where that syntax derives
from).
In perl, perl -pi -e 's/../../' -- *
or perl -pi -e 's/../../' -- "$file"
is known to be /reliable/ (work regardless of the value of $file
(while without -i it's not, see
https://unix.stackexchange.com/questions/170013/security-implications-of-running-perl-ne
(-, cmd|, <file... are a problem there))
That was also /safe/ in sed before that change. Treating "-" as
stdin with -i doesn't make sense as it doesn't make sense to
edit stdin "in-place".
Now that means it breaks scripts that do:
sed -i '...' -- "$file"
expecting it modify $file regardless of the name of $file. Now,
one has to do:
case $file in
-) file=./-
esac
sed -i '...' -- "$file"
for no good reason.
IMO, that change only has negative consequences.
just my 2 cents.
--
Stephane
--- End Message ---
--- Begin Message ---
Subject: |
Re: bug#21249: "sed -i '...' -" in git head |
Date: |
Sun, 3 Jan 2016 10:53:52 -0800 |
On Sat, Jan 2, 2016 at 7:25 PM, Jim Meyering <address@hidden> wrote:
> On Thu, Aug 13, 2015 at 7:15 AM, Stephane Chazelas
> <address@hidden> wrote:
>> Hello,
>>
>> about this commit:
>>
>>> commit c033bdee411128dfebfea1974d1ee3c1d9eac572
>>> Author: Jim Meyering <address@hidden>
>>> Date: Sat Jun 20 07:38:49 2015 -0700
>>>
>>> sed -i: do not treat "-" as a file name
>>
>> the behaviour was aligned with perl's (where that syntax derives
>> from).
>>
>> In perl, perl -pi -e 's/../../' -- *
>>
>> or perl -pi -e 's/../../' -- "$file"
>>
>> is known to be /reliable/ (work regardless of the value of $file
>> (while without -i it's not, see
>> https://unix.stackexchange.com/questions/170013/security-implications-of-running-perl-ne
>> (-, cmd|, <file... are a problem there))
>>
>> That was also /safe/ in sed before that change. Treating "-" as
>> stdin with -i doesn't make sense as it doesn't make sense to
>> edit stdin "in-place".
>>
>> Now that means it breaks scripts that do:
>> sed -i '...' -- "$file"
>> expecting it modify $file regardless of the name of $file. Now,
>> one has to do:
>>
>> case $file in
>> -) file=./-
>> esac
>> sed -i '...' -- "$file"
>>
>> for no good reason.
>>
>> IMO, that change only has negative consequences.
>
> Thank you for the report and good argument.
> I plan to revert that change with the attached patch:
Pushed.
--- End Message ---