Re: BUG: echo builtin does not handle -- arguments

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: BUG: echo builtin does not handle -- arguments

From:	Pierre Gaston
Subject:	Re: BUG: echo builtin does not handle -- arguments
Date:	Mon, 22 Nov 2010 10:42:05 +0200

On Mon, Nov 22, 2010 at 10:33 AM, Марк Коренберг <socketpair@gmail.com> wrote:
> in latest bash:
>
> suppose script:
>
> for i in "${filenames[@]}"; do
>    echo "$i"
> done
>
> if malicious user give file name "-e", empty string will be emitted to
> stdout, but string "-e" should.
>
> It will be nice if I cat write
> echo -- "$i"
> as many tool, such as grep, use.
>
> Now, I replace echo "$i" with printf "%s\n" "$i", but it is
> workaround, as I think.
>
> --
> Segmentation fault
>
>
It's one of the known problem with echo.
SUS specifically says that -- should not do that, that  echo is not
portable and that "New applications are encouraged to use printf
instead of echo".

So printf is more than a workaround, it's the way to go.

[Prev in Thread]

Current Thread

[Next in Thread]

BUG: echo builtin does not handle -- arguments, Марк Коренберг, 2010/11/22
- Re: BUG: echo builtin does not handle -- arguments, Pierre Gaston <=
- Re: BUG: echo builtin does not handle -- arguments, Chet Ramey, 2010/11/22

Prev by Date: BUG: echo builtin does not handle -- arguments
Next by Date: Re: ionice bash pid in bash_profile Fails
Previous by thread: BUG: echo builtin does not handle -- arguments
Next by thread: Re: BUG: echo builtin does not handle -- arguments
Index(es):
- Date
- Thread