Wheeler: Fixing Unix/Linux/POSIX Filenames
Posted Mar 26, 2009 15:08 UTC (Thu) by michaeljt (subscriber, #39183)
Posted Mar 26, 2009 19:49 UTC (Thu) by dwheeler (guest, #1216)
[The shell] could also recognise the null character as an argument separator as in 'find -print0'. It could even set some environment variable to tell tools like find that this is supported so that they can use it by default when not outputting to the console.
Yes, I already added the "shell could recognize null as separator". And you're right, adding an environment variable could help (though it could also backfire on older scripts!).
While on that subject, the shell could enforce that substitutions that resolve to the arguments for other commands are not allowed to spill over (e.g. VAR='myfile; rm -rf /'; ls $VAR).
This particular example doesn't do quite what you think; it just passes to ls several values: "myfile;", "rm", "-rf", and "/", and you end up with some error messages and a listing of "/". But with more tweaking, you can definitely get some exploits out of this approach. Which is why removing the space character from IFS is a big help - then VAR would become a single parameter again.
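The word splitting described in the comment above, as an added example that is not part of the original thread: the string is only ever passed as data to argument-counting helpers and is never executed or eval'd. The helper names (`count_args`, `split_default`, `split_no_space`, `quoted`, `first_word`) are hypothetical.

```shell
#!/bin/sh
# Constructed value taken from the thread; treated purely as data here.
VAR='myfile; rm -rf /'

# count_args: report how many arguments the shell actually delivered.
count_args() { echo "$#"; }

# Default IFS (space, tab, newline): the unquoted expansion is split into
# four words. The ';' is not a command separator at this point, because
# the command line was parsed before the expansion happened.
split_default() (
    unset IFS            # an unset IFS behaves like the default value
    count_args $VAR
)

# IFS reduced to newline and tab, as the comment suggests: the spaces no
# longer split the value, so it arrives as one argument.
split_no_space() (
    IFS="$(printf '\n\t')"
    count_args $VAR
)

# Quoting the expansion gives one argument whatever IFS contains.
quoted() { count_args "$VAR"; }

# first_word: the first field after default splitting, showing that the
# semicolon stays attached to the file name as ordinary text.
first_word() (
    unset IFS
    set -- $VAR
    printf '%s\n' "$1"
)

echo "default IFS:      $(split_default) argument(s)"
echo "IFS without space: $(split_no_space) argument(s)"
echo "quoted expansion:  $(quoted) argument(s)"
echo "first word:        $(first_word)"
```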
Posted Mar 28, 2009 1:11 UTC (Sat) by nix (subscriber, #2304)
It was removed, but I can't remember why: some sort of compatibility
Posted Mar 31, 2009 7:47 UTC (Tue) by michaeljt (subscriber, #39183)
Posted Mar 31, 2009 19:28 UTC (Tue) by nix (subscriber, #2304)
Posted Apr 3, 2009 18:49 UTC (Fri) by anton (guest, #25547)
It could also recognise the null character as an argument separator as in 'find -print0'.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds