Path: csiph.com!goblin1!goblin.stu.neva.ru!usenet.stanford.edu!not-for-mail
From: Binarus <lists@binarus.de>
Newsgroups: gnu.bash.bug
Subject: Re: Incorrect / Inconsistent behavior with nameref assignments in functions
Date: Mon, 31 Aug 2020 08:34:13 +0200
Lines: 46
Approved: bug-bash@gnu.org
Message-ID: <mailman.1829.1598855661.2469.bug-bash@gnu.org>
References: <a20e4692-69b3-9836-4861-3e822e407ef7@binarus.de> <CAFLRLk8xc4CAR7X_g-B-QMCNtvzVkv5E9kf3EUiD_JUACAfwDA@mail.gmail.com> <5f512e22-fe55-7281-7585-7cffb74299dc@binarus.de> <CAFLRLk9mfWJh5e_8=diERYAAZE7AwPu4YfF-1J-89697itYLrQ@mail.gmail.com> <8022ca1e-58bc-aac2-f5bb-4b852c39f3b8@binarus.de> <20200830145043.GQ931@eeg.ccf.org> <79af4fd8-2b06-42fe-8e0f-6a2caf8d7638@binarus.de>
NNTP-Posting-Host: lists.gnu.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Trace: usenet.stanford.edu 1598855661 12383 209.51.188.17 (31 Aug 2020 06:34:21 GMT)
X-Complaints-To: action@cs.stanford.edu
To: bug-bash@gnu.org
Envelope-to: bug-bash@gnu.org
X-Envelope-To: <bug-bash@gnu.org>
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=binarus.de; s=b201601; t=1598855654; bh=y4TsfmgxEoOKC3NKJxMXPsl0EJ0DX8OurOIKwToC0i8=; h=Subject:To:References:From:Date:In-Reply-To:From:Reply-To:Subject: Date:To:Cc:Resent-Date:Resent-From:Resent-To:Resent-Cc:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; b=GDzrhPLvIbDLUS7HnB5Yb4icHom1TXnXhWva64jWf8YmJKeVQ1WAtpzp02TPduS2/ zF+XtAoLz1e+oIlt9fpK77YabDp71xFj6tE2L/D2/faCNldpGyAzYd513BHSHwpDXE JEQ30M9ye2SYdywB7KOLOCrSg9dRRPlcLxd6qjmrh6S4z8sxbH6Xc+X1IkruUBeodH uque7Mfuu+s7t9EDxbzRuJQyskSLpmc4XkLZCbK3g2gjJO14iXB309EhzoVGZl7PU4 IJBoVpt/aYegSQgR4bFN+IcS1iqMvH9cUjbKrQtmIxtR2UTo06/xCR0uTswlavn4EL I9xmD8D7vsM1hk69XnsG67sM9xpwI1r9jVgY3QWEWOP08HiF7/X0ni9IoHLG/AKQOw vFGhwdw72Z4d9YG3sFlzEdxCtZPgDzGtHgIKaUkS9yp95YqNEPaO7RFR9O0+P1QMbP swBpB6QJZkQvIEldUHTO68pEmSEpPyrEnwPD9ZSY6iynFXUYKwM/1ky92ZhBLbDhB1 DaS2otrh8CSfM98lS+cYaERkwCSe0akNamACgq6CVNZaRvMBWwd8fI4aG/xuYtXhL/ UI/W2t66NwDrtyV4RhZHetjcY/aEkAhoAD+fDsRjYsB5+IVoFU9+rFvggTSET9qk+Z 1KAPDvfDcJKnT9V49RtrnXc4=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0
In-Reply-To: <20200830145043.GQ931@eeg.ccf.org>
Content-Language: en-US
X-Bin-MAIL-FROM: <lists@binarus.de>
X-Bin-RCPT-TO: <bug-bash@gnu.org>
Received-SPF: pass client-ip=144.76.90.229; envelope-from=lists@binarus.de; helo=odysseus.binarus.de
X-detected-operating-system: by eggs.gnu.org: First seen = 2020/08/31 02:34:14
X-ACL-Warn: Detected OS   = Linux 2.2.x-3.x [generic] [fuzzy]
X-Spam_score_int: -22
X-Spam_score: -2.3
X-Spam_bar: --
X-Spam_report: (-2.3 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.207, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: bug-bash@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-bash>
List-Post: <mailto:bug-bash@gnu.org>
List-Help: <mailto:bug-bash-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe>
X-Mailman-Original-Message-ID: <79af4fd8-2b06-42fe-8e0f-6a2caf8d7638@binarus.de>
X-Mailman-Original-References: <a20e4692-69b3-9836-4861-3e822e407ef7@binarus.de> <CAFLRLk8xc4CAR7X_g-B-QMCNtvzVkv5E9kf3EUiD_JUACAfwDA@mail.gmail.com> <5f512e22-fe55-7281-7585-7cffb74299dc@binarus.de> <CAFLRLk9mfWJh5e_8=diERYAAZE7AwPu4YfF-1J-89697itYLrQ@mail.gmail.com> <8022ca1e-58bc-aac2-f5bb-4b852c39f3b8@binarus.de> <20200830145043.GQ931@eeg.ccf.org>
Xref: csiph.com gnu.bash.bug:16869


On 30.08.2020 16:50, Greg Wooledge wrote:

> The evil thing here is code injection.  Obviously eval is one way to
> perform code injection, but it's not the *only* way.  Eval itself isn't
> evil; if anything, it's all of the other forms of code injection,
> which people don't suspect, that are truly insidious.
> 
> https://mywiki.wooledge.org/CodeInjection
> https://mywiki.wooledge.org/BashWeaknesses
> 
> You're trying to do something that you feel should be possible -- passing
> an array to a function by reference.  Every other language can do this,
> right?  So bash should be able to do this... right?  Nope.
> 
> Passing variables by reference (especially arrays) is one of the
> major missing features of bash.  Everyone wants it.  Many, many people
> have attempted it.  The sheer insanity of some of the attempts is
> astounding.
> 
> https://fvue.nl/wiki/Bash:_Passing_variables_by_reference
> 
> That's a slightly older page, but he found an exploit in "unset" which
> does bizarre things when called at different function scope levels, and
> managed to use it to manipulate the existence of variables at various
> function scopes.
> 
> If you absolutely *need* to pass a variable by reference, don't use bash.
> That's the best advice I can give you.

You are absolutely right, and I have understood this in the meantime.
Unfortunately, there is a substantial amount of work (and thus, money)
in these scripts, and there is a time line, so the moment where I could
dump bash for Perl or Python has passed some time ago.

Hence, I really have to finish these bash scripts, but I have learned my
lesson and in the future won't use bash for anything that is more
complex than a one-liner. Even though bash 5.1 seems to solve my current
problem, I suspect that there are more surprises like this which I just
haven't come across yet.

Thank you very much, and best regards,

Binarus