Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > gnu.bash.bug > #11377 > unrolled thread

Re: quoted compound array assignment deprecated

Started byChet Ramey <chet.ramey@case.edu>
First post2015-08-18 15:54 -0400
Last post2015-08-18 15:54 -0400
Articles 1 — 1 participant

Back to article view | Back to gnu.bash.bug

This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.

Contents

  Re: quoted compound array assignment deprecated Chet Ramey <chet.ramey@case.edu> - 2015-08-18 15:54 -0400

#11377 — Re: quoted compound array assignment deprecated

FromChet Ramey <chet.ramey@case.edu>
Date2015-08-18 15:54 -0400
SubjectRe: quoted compound array assignment deprecated
Message-ID<mailman.8562.1439927653.904.bug-bash@gnu.org>
On 8/18/15 1:52 PM, isabella parakiss wrote:

> Sorry for being both pedantic and late for that discussion but what's the
> point of this warning?  From my understanding, the code is still valid, so
> it doesn't stop a possible attacker and it only annoys regular users.

It's meant as an indication that this form of assignment will not be
treated as a compound array assignment in the future.  The idea is that
you give users plenty of warning and plenty of opportunity to change
their scripts without impacting function or breaking existing scripts
on a minor version upgrade.

There are legitimate security concerns with having declare treat an
expanded variable as specifying a compound array assignment.  Stephane
did a nice job of going through them, and the discussion is illuminating.

> Using eval requires an extra level of escaping on everything else, I'd
> rather use declare 2>/dev/null to suppress the warning than eval...

Your choice, of course.

> Idea: display the warnings in -n mode, like ksh.
> This way bash wouldn't produce unexpected results on existing scripts, it
> wouldn't even require a new compatibility level and shopt.
> What do you think about it?

Very few people run bash -n.  It's a nice idea, but it wouldn't have the
reach I'm looking for.

Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
		 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/

[toc] | [standalone]

Back to top | Article view | gnu.bash.bug

csiph-web