[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: BUG: echo builtin does not handle -- arguments
From: |
Pierre Gaston |
Subject: |
Re: BUG: echo builtin does not handle -- arguments |
Date: |
Mon, 22 Nov 2010 10:42:05 +0200 |
On Mon, Nov 22, 2010 at 10:33 AM, Марк Коренберг <socketpair@gmail.com> wrote:
> in latest bash:
>
> suppose script:
>
> for i in "${filenames[@]}"; do
> echo "$i"
> done
>
> if malicious user give file name "-e", empty string will be emitted to
> stdout, but string "-e" should.
>
> It will be nice if I cat write
> echo -- "$i"
> as many tool, such as grep, use.
>
> Now, I replace echo "$i" with printf "%s\n" "$i", but it is
> workaround, as I think.
>
> --
> Segmentation fault
>
>
It's one of the known problem with echo.
SUS specifically says that -- should not do that, that echo is not
portable and that "New applications are encouraged to use printf
instead of echo".
So printf is more than a workaround, it's the way to go.