[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: BUG: echo builtin does not handle -- arguments

From: Pierre Gaston
Subject: Re: BUG: echo builtin does not handle -- arguments
Date: Mon, 22 Nov 2010 10:42:05 +0200

On Mon, Nov 22, 2010 at 10:33 AM, Марк Коренберг <address@hidden> wrote:
> in latest bash:
> suppose script:
> for i in "address@hidden"; do
>    echo "$i"
> done
> if malicious user give file name "-e", empty string will be emitted to
> stdout, but string "-e" should.
> It will be nice if I cat write
> echo -- "$i"
> as many tool, such as grep, use.
> Now, I replace echo "$i" with printf "%s\n" "$i", but it is
> workaround, as I think.
> --
> Segmentation fault
It's one of the known problem with echo.
SUS specifically says that -- should not do that, that  echo is not
portable and that "New applications are encouraged to use printf
instead of echo".

So printf is more than a workaround, it's the way to go.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]