[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: quoted compound array assignment deprecated

From: Chet Ramey
Subject: Re: quoted compound array assignment deprecated
Date: Tue, 18 Aug 2015 15:54:04 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.0.1

On 8/18/15 1:52 PM, isabella parakiss wrote:

> Sorry for being both pedantic and late for that discussion but what's the
> point of this warning?  From my understanding, the code is still valid, so
> it doesn't stop a possible attacker and it only annoys regular users.

It's meant as an indication that this form of assignment will not be
treated as a compound array assignment in the future.  The idea is that
you give users plenty of warning and plenty of opportunity to change
their scripts without impacting function or breaking existing scripts
on a minor version upgrade.

There are legitimate security concerns with having declare treat an
expanded variable as specifying a compound array assignment.  Stephane
did a nice job of going through them, and the discussion is illuminating.

> Using eval requires an extra level of escaping on everything else, I'd
> rather use declare 2>/dev/null to suppress the warning than eval...

Your choice, of course.

> Idea: display the warnings in -n mode, like ksh.
> This way bash wouldn't produce unexpected results on existing scripts, it
> wouldn't even require a new compatibility level and shopt.
> What do you think about it?

Very few people run bash -n.  It's a nice idea, but it wouldn't have the
reach I'm looking for.

``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    address@hidden    http://cnswww.cns.cwru.edu/~chet/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]