[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Incorrect / Inconsistent behavior with nameref assignments in functi
From: |
Binarus |
Subject: |
Re: Incorrect / Inconsistent behavior with nameref assignments in functions |
Date: |
Mon, 31 Aug 2020 08:34:13 +0200 |
User-agent: |
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0 |
On 30.08.2020 16:50, Greg Wooledge wrote:
> The evil thing here is code injection. Obviously eval is one way to
> perform code injection, but it's not the *only* way. Eval itself isn't
> evil; if anything, it's all of the other forms of code injection,
> which people don't suspect, that are truly insidious.
>
> https://mywiki.wooledge.org/CodeInjection
> https://mywiki.wooledge.org/BashWeaknesses
>
> You're trying to do something that you feel should be possible -- passing
> an array to a function by reference. Every other language can do this,
> right? So bash should be able to do this... right? Nope.
>
> Passing variables by reference (especially arrays) is one of the
> major missing features of bash. Everyone wants it. Many, many people
> have attempted it. The sheer insanity of some of the attempts is
> astounding.
>
> https://fvue.nl/wiki/Bash:_Passing_variables_by_reference
>
> That's a slightly older page, but he found an exploit in "unset" which
> does bizarre things when called at different function scope levels, and
> managed to use it to manipulate the existence of variables at various
> function scopes.
>
> If you absolutely *need* to pass a variable by reference, don't use bash.
> That's the best advice I can give you.
You are absolutely right, and I have understood this in the meantime.
Unfortunately, there is a substantial amount of work (and thus, money)
in these scripts, and there is a time line, so the moment where I could
dump bash for Perl or Python has passed some time ago.
Hence, I really have to finish these bash scripts, but I have learned my
lesson and in the future won't use bash for anything that is more
complex than a one-liner. Even though bash 5.1 seems to solve my current
problem, I suspect that there are more surprises like this which I just
haven't come across yet.
Thank you very much, and best regards,
Binarus
- Re: Incorrect / Inconsistent behavior with nameref assignments in functions, (continued)
Re: Incorrect / Inconsistent behavior with nameref assignments in functions, Binarus, 2020/08/28
Re: Incorrect / Inconsistent behavior with nameref assignments in functions, Chet Ramey, 2020/08/31
Re: Incorrect / Inconsistent behavior with nameref assignments in functions, Koichi Murase, 2020/08/28
Re: Incorrect / Inconsistent behavior with nameref assignments in functions, Chet Ramey, 2020/08/31