bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Potential Bash Script Vulnerability


From: Martin D Kealey
Subject: Re: Potential Bash Script Vulnerability
Date: Tue, 9 Apr 2024 10:42:58 +1200

On Mon, 8 Apr 2024 at 01:49, Kerin Millar <kfm@plushkava.net> wrote:

> the method by which vim amends files is similar to that of sed -i.
>

I was about to write "nonsense, vim **never** does that for me", but then I
remembered that using ":w!" instead of ":w" (or ":wq!" instead of ":wq")
will write the file as normal, but if that fails, it will attempt to remove
it and create a new one. Ironically, that's precisely one of the cases
where using "sed -i" is a bad idea, but at least with vim you've already
tried ":w" and noticed that it failed, and made a considered decision to
use ":w!" instead.

Except that nowadays many folk always type ":wq!" to exit vim, and never
put any thought into this undesirable side effect.

I put that in the same bucket as using "kill -9" to terminate daemons, or
liberally using "-f" or "--force" in lots of other places. Those  are bad
habits, since they override useful safety checks, and I recommend making a
strenuous effort to unlearn such patterns. Then you can use these stronger
versions only when (1) the soft versions fail, and (2) you understand the
collateral damage, and (3) you've thought about it and decided that it's
acceptable in the particular circumstances.

-Martin

PS: I've never understood the preference for ":wq" over "ZZ" (or ":x"); I
want to leave the modification time unchanged if I don't edit the file.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]