[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Arithmetic + array allows for code injection

From: Chet Ramey
Subject: Re: Arithmetic + array allows for code injection
Date: Mon, 02 Jun 2014 10:17:16 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.5.0

On 6/2/14, 9:34 AM, Greg Wooledge wrote:

> (One could argue that POSIX's wording doesn't require the command
> substitution be done in a second pass AFTER the parameter expansion.
> But apparently it has been interpreted this way.)

Posix doesn't have arrays, and so doesn't concern itself with how array
indices are expanded.  It does, however, only require that variables
whose value looks like an integer constant be expanded within expressions.
Bash has never done that; the variable's value is treated as an expression.

``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    address@hidden    http://cnswww.cns.cwru.edu/~chet/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]