Bug#490605: debian-policy: please discourage the usage of echo -n, and echo in general
"Adam D. Barratt" <adam@adam-barratt.org.uk> writes:
> On Thu, 2009-06-04 at 14:14 +0200, Bill Allombert wrote:
>> Consider this example: the safe "printf" way to do
>> echo $BAR
>> is
>> printf "%s\n" "$BAR"
>>
>> (in case BAR holds a value like BAR="%s a")
>> So printf is slightly unwieldy to use and it can create
>> a format string attack.
But at least one can make it safe even with user input. "echo $BAR"
can never be safe.
> It does, however, have the advantage of working if BAR contains "-E".
> (This isn't a contrived example, it's why I recently changed the parsing
> of DEBUILD_LINTIAN_OPTS to use printf rather than echo; if there's a
> sane way of printing "-E" using echo I'd love to know what it is).
>
> Regards,
>
> Adam
bash:
$ echo - -E
- -E
$ echo -- -E
-- -E
zsh:
% echo - -E
-E
% echo -- -E
-- -E
So I would have to say "echo -- -E | cut -b4-". Isn't that fun.
The same problem arises with -e and -n. And --help and --version are
fun too. GNU echo has them, others don't.
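
The behaviour discussed in this message, as an added example that is not part of the original e-mail: it compares echo "$BAR", printf "$BAR" and printf '%s\n' "$BAR" on option-like and format-like values. The function names are hypothetical and the sample values are constructed, taken from the cases named in the thread.

```shell
#!/bin/sh
# Added illustration, not code from the thread. Function names are hypothetical.

# echo: the value may be taken as an option (-n, -e, -E, --help), and which
# ones are recognised depends on the shell or echo binary in use.
echo_print() {
    echo "$1"
}

# printf with the value as the format string: the "format string" problem
# from the thread. "%s a" consumes a missing argument and prints " a".
format_print() {
    printf "$1" 2>/dev/null
}

# printf with a fixed format: the value is only ever data, so it is never
# parsed as an option or as a format.
safe_print() {
    printf '%s\n' "$1"
}

# roundtrips <printer> <value>: succeeds if the printer reproduces the value.
# (Command substitution drops the trailing newline before comparing.)
roundtrips() {
    [ "$("$1" "$2")" = "$2" ]
}

# count_mangled <printer>: prints how many constructed samples came out changed.
count_mangled() {
    n=0
    for v in "-E" "-n" "-e" "--help" "%s a"; do
        roundtrips "$1" "$v" || n=$((n + 1))
    done
    printf '%s\n' "$n"
}

# Report for the shell running this script; the echo_print count differs
# between shells, the safe_print count is always 0.
for p in echo_print format_print safe_print; do
    printf '%-12s mangled %s of 5 constructed values\n' "$p" "$(count_mangled "$p")"
done
```
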