[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Arbitrary command execution from test on a quoted string
From: |
Greg Wooledge |
Subject: |
Re: Arbitrary command execution from test on a quoted string |
Date: |
Fri, 29 Oct 2021 08:01:40 -0400 |
On Fri, Oct 29, 2021 at 12:48:57PM +0300, Ilkka Virta wrote:
> Not that I'm sure the upper one is still safe against every input. I think
> issues with associative array keys have been
> discussed on the list before.
Sadly, yes. Bash is the exploding barbed wire death match of programming
languages. Every single feature of bash is capable of hurting you if you
use it in the naive or obvious way.
https://mywiki.wooledge.org/BashProgramming/05#Associative_Array_Index_Multiple_Expansions
https://mywiki.wooledge.org/BashPitfalls#pf61
https://mywiki.wooledge.org/BashPitfalls#pf62
Re: Arbitrary command execution from test on a quoted string, Ilkka Virta, 2021/10/29
- Re: Arbitrary command execution from test on a quoted string,
Greg Wooledge <=
- Re: Arbitrary command execution in shell - by design!, L A Walsh, 2021/10/29
- Re: Arbitrary command execution in shell - by design!, Greg Wooledge, 2021/10/29
- Re: Arbitrary command execution in shell - by design!, Léa Gris, 2021/10/29
- Re: Arbitrary command execution in shell - by design!, L A Walsh, 2021/10/30
- Re: Arbitrary command execution in shell - by design!, Léa Gris, 2021/10/30
- Re: Arbitrary command execution in shell - by design!, Ángel, 2021/10/30
Re: Arbitrary command execution in shell - by design!, Robert Elz, 2021/10/29