Re: bash exorcism experiment ('bug' 762923 & 763012)

To: debian-user@lists.debian.org
Subject: Re: bash exorcism experiment ('bug' 762923 & 763012)
From: Matthias Urlichs <matthias@urlichs.de>
Date: Mon, 13 Oct 2014 12:46:25 +0200
Message-id: <[🔎] 20141013104625.GM3964@smurf.noris.de>
In-reply-to: <alpine.DEB.2.11.1410131220060.28621@tglase.lan.tarent.de>
References: <20140927163017.GA7300@grep.be> <20140927181845.GA2816@gaara.hadrons.org> <20140927184257.GA26444@x230-buxy.home.ouaza.com> <20140928021144.GE1755@nl.grid.coop> <20140928083350.GA4738@riva.ucam.org> <1411893590.6958.92.camel@russell-laptop.pc.brisbane.lube> <87fvet3vgf.fsf@mid.deneb.enyo.de> <1413157588.5206.28.camel@russell-laptop.pc.brisbane.lube> <8CE27F9C-7AB6-4A9F-9729-4FC417EDBF7C@naturalnet.de> <alpine.DEB.2.11.1410131220060.28621@tglase.lan.tarent.de>

Hi,

Thorsten Glaser:
> Never put “tainted” input into ksh arithmetics, period.

The problem is that there's no option akin to perl's Taint mode which tells
the shell that some operations / variable contents are OK and some are not.

Sure it's a user error, ultimately, but the system doesn't help the user to
fix the bug. It doesn't fail safe, indeed it cannot.
That's the real failure, and it probably is not even fixable.

Of course, there's the flip side: scripts which are so complex that this
kind of error can creep in should not be written in Shell in the first
place …

-- 
-- Matthias Urlichs

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: Re: Reality check.
Next by Date: Re: HTML5 videos in Jessie
Previous by thread: Re: Reality check.
Next by thread: Re: Re: piece of mind (Re: Moderated posts?)
Index(es):
- Date
- Thread