Re: Following symlinks in globstar

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Following symlinks in globstar

From:	Stephane Chazelas
Subject:	Re: Following symlinks in globstar
Date:	Sat, 25 Jan 2014 23:11:29 +0000
User-agent:	Mutt/1.5.21 (2010-09-15)

2014-01-21 10:19:10 -0500, Chet Ramey:
[...]
> > I am not so worried about the method used to "fix" globstar -- whether
> > we keep backwards compatibility or not -- I am more concerned that we
> > have at least *some* way of disabling what many people view as
> > undesirable behaviour.
> 
> It may or may not be undesirable -- we have no data other than your
> original message indicating that it is.  There have been no proposals,
> no code contributions, and nothing other than anecdotes to demonstrate
> that "many people" view it as a problem.
> 
> I interpret this lack of discussion as an indication of priority.  I do
> not consider this a priority, and have not to this point, and I have only
> looked at it briefly.
[...]

I agree with Chris that the bash behaviour here is not
desirable. There's a number of articles on usenet or
unix.stackexchange.com (many by me sorry,
http://unix.stackexchange.com/search?q=bash+globstar+symlink)
that say that the bash behaviour is broken in that regard and
that globstar from other shells should be used instead.

That following symlink behaviour has plagged GNU grep for years
until it was fixed in 2.12 (breaking backward compatibility),
where -r now does not follow symlinks anymore (but -R still does).

The **/ feature comes from zsh (1990), was first copied by ksh93
in 2003 (with differences), by fish in 2005, bash in 2009 and
tcsh in 2010.

bash's behaviour in many respect is closer to ksh's than zsh's.

fish's is the only other implementation that follows symlinks.

zsh's, ksh's, tcsh's don't.

zsh and tcsh both support ***/* to follow symlinks.

Utilities that recurse (chmod -R, chown -R, find, cp -r...) do
not follow symlinks (some have options to allow it).

When they do, at least they try to detect loops, bash doesn't
(fish seems to have some sort of provision for it?)

IMO, it's a dangerous misfeature, prone to introducing security
vulnerabilities.

I beleive most people using globstar are unaware of the problem,
and changing the behaviour to not follow symlinks would a lot
more likely fix those scripts that use globstar than break them.

In over 15 years of using zsh, I've been using ** daily but I
can probably count on the fingers of my hands the times I've
used *** (certainly a lot less than the times I've been bitten
by grep -r following symlinks).

Now granted, */* does follow symlinks in every shell. But
there's no recursion there, so there are a few issues which it
doesn't have.

Where bash could improve on zsh here is provide a way to avoid
following symlinks in both **/* and */*/*.

Cheers,
Stephane

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Following symlinks in globstar, Chris Down, 2014/01/21
- Re: Following symlinks in globstar, Chet Ramey, 2014/01/21
  - Re: Following symlinks in globstar, Stephane Chazelas <=

Prev by Date: Re: Bash-4.3-rc1 -- undefined reference to `sh_xfree'
Next by Date: Re: Bash-4.3-rc1 - problems and other problems
Previous by thread: Re: Following symlinks in globstar
Next by thread: Re: Bash-4.3-rc1 -- undefined reference to `sh_xfree'
Index(es):
- Date
- Thread