Post AoGmTathQU7KXcJsjQ by hanno@mastodon.social
(DIR) Post #AoGivatOddE2olH2YK by yossarian@infosec.exchange
2024-11-21T01:27:38Z
0 likes, 0 repeats
TIL: Some surprising code execution sources in bash https://yossarian.net/til/post/some-surprising-code-execution-sources-in-bash #til #shell #security
(DIR) Post #AoGivc3MK4myPwwVii by kees@fosstodon.org
2024-11-21T12:31:37Z
1 likes, 0 repeats
@yossarian The use of '[[' is the problem. That's an evaluating comparison and is as dangerous as 'eval' (as shown). All scripts should be using just the single '['. Using '[[' is for compatibility with ancient shells.
(DIR) Post #AoGmTZN36OPDo42ICW by hanno@mastodon.social
2024-11-21T13:16:06Z
0 likes, 0 repeats
@kees @yossarian uh, good to know. I'm pretty sure at some point I've been told (maybe by some linting tool?) that [[ is preferable to [.
(DIR) Post #AoGmTa9cBpFoEgl4ts by kees@fosstodon.org
2024-11-21T13:22:34Z
0 likes, 0 repeats
@hanno @yossarian Yeah this was a common recommendation long ago to "avoid bash-isms" for compatibility. Since then busybox and dash (the common non-bash "/bin/sh" instances) grew '[' support either internally or via /usr/bin/[
(DIR) Post #AoGmTaC62bEsMNv3lg by hanno@mastodon.social
2024-11-21T13:21:41Z
0 likes, 0 repeats
@kees @yossarian https://www.shellcheck.net/wiki/SC2292 says "[[ .. ]] suppresses word splitting and globbing, supports a wider variety of tests, and is generally safer and better defined than [ .. ]" Not enabled by default in current version, but I believe it was in the past.
(DIR) Post #AoGmTathQU7KXcJsjQ by hanno@mastodon.social
2024-11-21T13:28:25Z
0 likes, 0 repeats
@kees @yossarian I'm confused, this tells me [[ is the bash'ism, and [ the posix thing: https://mywiki.wooledge.org/BashFAQ/031
(DIR) Post #AoGmTbZstdrSeS3ZU8 by kees@fosstodon.org
2024-11-21T13:38:37Z
1 likes, 0 repeats
@hanno @yossarian Ah, I may have it backwards then, but '[' remains the safe one. 😅