| Header | Value |
|---|---|
| From | Eli Schwartz <eschwartz@archlinux.org> |
| Newsgroups | gnu.bash.bug |
| Subject | Re: Feature Request: Custom delimeter for single quotes |
| Date | Sat, 2 Nov 2019 20:23:29 -0400 |
| Lines | 113 |
| Approved | bug-bash@gnu.org |
| Message-ID | <mailman.474.1572740627.13325.bug-bash@gnu.org> (permalink) |
| Cc | bug-bash@gnu.org |
| To | Patrick Blesi <patrick.blesi@gmail.com> |
On 11/2/19 12:27 PM, Patrick Blesi wrote:
> Upon further inspection, what Andreas pointed out is actually what I need.
> Just to close the loop on everything...
>
> It looks like Ruby does support execution with and without a shell:
> https://apidock.com/ruby/Kernel/system.
>
> The reasoning for using two programming languages is that sometimes it is
> easier to accomplish things in Ruby and sometimes it is easier to
> accomplish things in a shell. Providing the user the option to implement
> something via shell or via Ruby allows for maximum flexibility and utility.

What features of a shell are you using here? The only shell code which you are running is:

    tmux send-keys -t %1 q C-u "$command" C-m

This uses no shell syntax -- no if/while/for loops, word splitting, no pipes, no shell builtin utilities, no process substitution, no arithmetic expansion, and no tilde expansion.

The only thing it uses is variable expansion, but that is because you're using lots of additional shell goop to insert a complex command into a shell variable in order to do quotation magic for $command, instead of passing it via argv.

I am certainly not going to claim that it's wrong for ruby to include a system() analogue. :/ I'm not even going to claim that it's wrong to seek ways to handle single quotes in ruby's system() analogue, even though I think it probably makes a lot more sense to use a shellescape library for that.

(General rule of thumb for shellescaping strings: replace every instance of a single quote with the four-character sequence: '\'' and then single-quote the whole thing. Single quotes suppress interpretation of everything other than single quotes, and for the single quotes themselves, you temporarily leave the quoting context and use a backslash-escaped single quote.)

What I am going to claim is that you're incorrect for thinking you must use a shell in the first place. Save your escaping tricks for cases where you actually require interpreting your command in a shell, and for this case here, use an exec.

It's not just about security, which you've already stated is not about being secured.

It's not just about avoiding erroneous handling, since your tremendous hack "probably" works, and shellescape routines work somewhat more reliably, so avoiding erroneous handling can be done.

It's also about efficiency: you're randomly introducing a shell in order to run your subprocess, even though you don't need a shell at all, and as a result your program runs slower, because it proxies subprocesses through additional helper processes (in this case the shell).

Why are you going through convoluted, non-intuitive steps in order to take a ruby variable and pass it as one of a series of arguments to the "tmux" subprocess by first converting it to a shell variable using dark sorcery and doing the passing of arguments in shell code? Moreover since not only do you not want to interpret the user-provided input as shell metacharacters, but you don't even want to use shell metacharacters in your hardcoded component either.

-- 
Eli Schwartz
Arch Linux Bug Wrangler and Trusted User
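
Added example, not part of the original message and not code from either poster: the single-quote rule of thumb and the no-shell alternative from the message above, side by side in Ruby. The helper names (sq_escape, via_shell, via_argv, tmux_argv) and the sample string are assumptions made for illustration; printf stands in for tmux so the block runs anywhere with /bin/sh.

```ruby
require "open3"

# Rule of thumb from the message: replace every ' with the four-character
# sequence '\'' and then single-quote the whole thing.
def sq_escape(str)
  # Block form of gsub so the backslash is not read as a back-reference.
  "'" + str.gsub("'") { "'\\''" } + "'"
end

# Shell path: the command line is parsed by /bin/sh, so the argument
# must be escaped before it is spliced into the command string.
def via_shell(arg)
  out, status = Open3.capture2("/bin/sh", "-c", "printf %s #{sq_escape(arg)}")
  raise "sh failed" unless status.success?
  out
end

# No-shell path: every element is handed to the child as one argv entry.
# No parser ever looks at the string, so there is nothing to escape.
def via_argv(arg)
  out, status = Open3.capture2("printf", "%s", arg)
  raise "printf failed" unless status.success?
  out
end

# The tmux invocation from the message as an argv list, suitable for
# system(*tmux_argv(cmd)); multi-argument system() does not start a shell.
def tmux_argv(command)
  ["tmux", "send-keys", "-t", "%1", "q", "C-u", command, "C-m"]
end

# Constructed sample input: quotes, expansions and shell metacharacters.
SAMPLE = %q{it's "$HOME" `id` ; echo $(date) * \n}

if $PROGRAM_NAME == __FILE__
  puts sq_escape(SAMPLE)
  puts via_shell(SAMPLE) == SAMPLE   # escaped correctly, survives the shell
  puts via_argv(SAMPLE) == SAMPLE    # never parsed, survives trivially
  p tmux_argv(SAMPLE)
end
```

Both paths deliver the string unchanged, but only the shell path depends on the escaping being right and pays for an extra /bin/sh process.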