[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Potential Bash Script Vulnerability
From: |
Kerin Millar |
Subject: |
Re: Potential Bash Script Vulnerability |
Date: |
Tue, 9 Apr 2024 00:13:09 +0100 |
On Tue, 9 Apr 2024 10:42:58 +1200
Martin D Kealey <martin@kurahaupo.gen.nz> wrote:
> On Mon, 8 Apr 2024 at 01:49, Kerin Millar <kfm@plushkava.net> wrote:
>
> > the method by which vim amends files is similar to that of sed -i.
> >
>
> I was about to write "nonsense, vim **never** does that for me", but then I
> remembered that using ":w!" instead of ":w" (or ":wq!" instead of ":wq")
> will write the file as normal, but if that fails, it will attempt to remove
> it and create a new one. Ironically, that's precisely one of the cases
> where using "sed -i" is a bad idea, but at least with vim you've already
> tried ":w" and noticed that it failed, and made a considered decision to
> use ":w!" instead.
>
> Except that nowadays many folk always type ":wq!" to exit vim, and never
> put any thought into this undesirable side effect.
>
> I put that in the same bucket as using "kill -9" to terminate daemons, or
> liberally using "-f" or "--force" in lots of other places. Those are bad
> habits, since they override useful safety checks, and I recommend making a
> strenuous effort to unlearn such patterns. Then you can use these stronger
> versions only when (1) the soft versions fail, and (2) you understand the
> collateral damage, and (3) you've thought about it and decided that it's
> acceptable in the particular circumstances.
>
> -Martin
>
> PS: I've never understood the preference for ":wq" over "ZZ" (or ":x"); I
> want to leave the modification time unchanged if I don't edit the file.
Alright. In that case, I don't know why I wasn't able to 'inject' a replacement
command with it. I'll give it another try and see whether I can determine what
happened.
--
Kerin Millar
- Re: Potential Bash Script Vulnerability, (continued)
- Re: Potential Bash Script Vulnerability, admin, 2024/04/08
- Message not available
- Re: Potential Bash Script Vulnerability, Oğuz, 2024/04/08
- Message not available
- Re: Potential Bash Script Vulnerability, Robert Elz, 2024/04/08
- Re: Potential Bash Script Vulnerability, Oğuz, 2024/04/08
- Re: Potential Bash Script Vulnerability, Robert Elz, 2024/04/08
- Re: Potential Bash Script Vulnerability, Oğuz, 2024/04/08
Re: Potential Bash Script Vulnerability, Martin D Kealey, 2024/04/08
Re: Potential Bash Script Vulnerability, Chet Ramey, 2024/04/08