Bug#490605: debian-policy: please discourage the usage of echo -n, and echo in general

To: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>
Cc: 490605@bugs.debian.org
Subject: Bug#490605: debian-policy: please discourage the usage of echo -n, and echo in general
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Thu, 04 Jun 2009 22:16:06 +0100
Message-id: <1244150166.19400.918.camel@kaa.jungle.aubergine.my-net-space.net>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 490605@bugs.debian.org
In-reply-to: <20090604121425.GF27243@yellowpig>
References: <200807122041.45259.atomo64@gmail.com> <200906010138.38436.atomo64@gmail.com> <20090602175400.GB3748@yellowpig> <200906021332.10404.atomo64@gmail.com> <4A276971.6010003@debian.org> <20090604095319.GA31962@rivendell> <20090604121425.GF27243@yellowpig>

On Thu, 2009-06-04 at 14:14 +0200, Bill Allombert wrote:
> Consider this example: the safe "printf" way to do
> echo $BAR
> is
> printf "%s\n" "$BAR"
> 
> (in case BAR hold a value like BAR="%s a")
> So printf is slightly unwiedly to use and it can create
> format string attack.

It does, however, have the advantage of working if BAR contains "-E".
(This isn't a contrived example, it's why I recently changed the parsing
of DEBUILD_LINTIAN_OPTS to use printf rather than echo; if there's  a
sane way of printing "-E" using echo I'd love to know what it is).

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#490605: debian-policy: please discourage the usage of echo -n, and echo in general
  - From: Goswin von Brederlow <goswin-v-b@web.de>
- Bug#490605: debian-policy: please discourage the usage of echo -n, and echo in general
  - From: Julian Gilbey <jdg@polya.uklinux.net>

References:
- Bug#490605: debian-policy: please discourage the usage of echo -n, and echo in general
  - From: Raphael Geissert <atomo64@gmail.com>
- Bug#490605: debian-policy: please discourage the usage of echo -n, and echo in general
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>
- Bug#490605: debian-policy: please discourage the usage of echo -n, and echo in general
  - From: Raphael Geissert <atomo64@gmail.com>
- Bug#490605: debian-policy: please discourage the usage of echo -n, and echo in general
  - From: Giacomo Catenazzi <cate@debian.org>
- Bug#490605: debian-policy: please discourage the usage of echo -n, and echo in general
  - From: Raphael Hertzog <hertzog@debian.org>
- Bug#490605: debian-policy: please discourage the usage of echo -n, and echo in general
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>

Prev by Date: Bug#490605: debian-policy: please discourage the usage of echo -n, and echo in general
Next by Date: Bug#490605: debian-policy: please discourage the usage of echo -n, and echo in general
Previous by thread: Bug#490605: debian-policy: please discourage the usage of echo -n, and echo in general
Next by thread: Bug#490605: debian-policy: please discourage the usage of echo -n, and echo in general
Index(es):
- Date
- Thread