Groups | Search | Server Info | Keyboard shortcuts | Login | Register

Groups > gnu.bash.bug > #16869

Re: Incorrect / Inconsistent behavior with nameref assignments in functions

From Binarus <lists@binarus.de>
Newsgroups gnu.bash.bug
Subject Re: Incorrect / Inconsistent behavior with nameref assignments in functions
Date 2020-08-31 08:34 +0200
Message-ID <mailman.1829.1598855661.2469.bug-bash@gnu.org> (permalink)
References (2 earlier) <5f512e22-fe55-7281-7585-7cffb74299dc@binarus.de> <CAFLRLk9mfWJh5e_8=diERYAAZE7AwPu4YfF-1J-89697itYLrQ@mail.gmail.com> <8022ca1e-58bc-aac2-f5bb-4b852c39f3b8@binarus.de> <20200830145043.GQ931@eeg.ccf.org> <79af4fd8-2b06-42fe-8e0f-6a2caf8d7638@binarus.de>

Show all headers | View raw

On 30.08.2020 16:50, Greg Wooledge wrote:

> The evil thing here is code injection.  Obviously eval is one way to
> perform code injection, but it's not the *only* way.  Eval itself isn't
> evil; if anything, it's all of the other forms of code injection,
> which people don't suspect, that are truly insidious.
> 
> https://mywiki.wooledge.org/CodeInjection
> https://mywiki.wooledge.org/BashWeaknesses
> 
> You're trying to do something that you feel should be possible -- passing
> an array to a function by reference.  Every other language can do this,
> right?  So bash should be able to do this... right?  Nope.
> 
> Passing variables by reference (especially arrays) is one of the
> major missing features of bash.  Everyone wants it.  Many, many people
> have attempted it.  The sheer insanity of some of the attempts is
> astounding.
> 
> https://fvue.nl/wiki/Bash:_Passing_variables_by_reference
> 
> That's a slightly older page, but he found an exploit in "unset" which
> does bizarre things when called at different function scope levels, and
> managed to use it to manipulate the existence of variables at various
> function scopes.
> 
> If you absolutely *need* to pass a variable by reference, don't use bash.
> That's the best advice I can give you.

You are absolutely right, and I have understood this in the meantime.
Unfortunately, there is a substantial amount of work (and thus, money)
in these scripts, and there is a time line, so the moment where I could
dump bash for Perl or Python has passed some time ago.

Hence, I really have to finish these bash scripts, but I have learned my
lesson and in the future won't use bash for anything that is more
complex than a one-liner. Even though bash 5.1 seems to solve my current
problem, I suspect that there are more surprises like this which I just
haven't come across yet.

Thank you very much, and best regards,

Binarus

Back to gnu.bash.bug | Previous | Next | Find similar

Thread

Re: Incorrect / Inconsistent behavior with nameref assignments in functions Binarus <lists@binarus.de> - 2020-08-31 08:34 +0200

csiph-web