Re: Incorrect / Inconsistent behavior with nameref assignments in functions

[Greg Wooledge]

On Sun, Aug 30, 2020 at 12:24:03PM +0200, Binarus wrote:
> On 30.08.2020 02:59, Koichi Murase wrote:
> > * Another way is to copy to the local array only when the name is
> >   different from `myArray':
> > 
> >   function Dummy {
> >     [[ $1 == myArray ]] ||
> >       eval "local -a myArray=(\"\${$1[@]}\")"
> >     declare -p myArray
> >   }
> 
> Thank you very much for that idea!
> 
> However, eval is evil. If I ever had to provide that function to other
> users (which currently is not the case), then I would have a problem if
> another user would call it like that:
> 
> declare -a -i myArray1=('1' '2' '3')
> Dummy 'myArray1[@]}"); echo Gotcha!; #'
> 
> Output:
> 
> root@cerberus:~/scripts# ./test6
> Gotcha!
> declare -a myArray=([0]="1" [1]="2" [2]="3")

The evil thing here is code injection.  Obviously eval is one way to
perform code injection, but it's not the *only* way.  Eval itself isn't
evil; if anything, it's all of the other forms of code injection,
which people don't suspect, that are truly insidious.

https://mywiki.wooledge.org/CodeInjection
https://mywiki.wooledge.org/BashWeaknesses

You're trying to do something that you feel should be possible -- passing
an array to a function by reference.  Every other language can do this,
right?  So bash should be able to do this... right?  Nope.

Passing variables by reference (especially arrays) is one of the
major missing features of bash.  Everyone wants it.  Many, many people
have attempted it.  The sheer insanity of some of the attempts is
astounding.

https://fvue.nl/wiki/Bash:_Passing_variables_by_reference

That's a slightly older page, but he found an exploit in "unset" which
does bizarre things when called at different function scope levels, and
managed to use it to manipulate the existence of variables at various
function scopes.

If you absolutely *need* to pass a variable by reference, don't use bash.
That's the best advice I can give you.