Timeline for Why and when should eval use be avoided in shell scripts? [duplicate]
Current License: CC BY-SA 3.0
15 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Apr 13, 2017 at 12:36 | history | edited | CommunityBot | replaced http://unix.stackexchange.com/ with https://unix.stackexchange.com/ | |
| May 12, 2016 at 0:08 | history | edited | Wildcard | CC BY-SA 3.0 | added 234 characters in body |
| Apr 23, 2016 at 18:20 | history | closed | cuonglm Anthon garethTheRed Jakuje MelBurslan | Duplicate of What is the "eval" command in bash? | |
| Apr 23, 2016 at 4:20 | answer | added | Zombo | timeline score: 0 | |
| Apr 23, 2016 at 3:56 | comment | added | Wildcard | @cuonglm, judging by the enormous number of extremely detailed answers to this question, I would probably get more in-depth answers here if I were insisting loudly that there is nothing wrong with eval and it can and should be conveniently used to parse all user input. ;) Even though that question started out as a rant, it is now the link to provide as to "why not parse ls?" | |
| Apr 23, 2016 at 3:53 | comment | added | Wildcard | @cuonglm, it's mentioned in passing very briefly, in most cases. I think changing the name would invalidate the answers given, which mostly don't really address the security issues in depth. | |
| Apr 23, 2016 at 3:48 | comment | added | cuonglm | @Wildcard: But many answers in that question also mention the security issues. Maybe we should make that question title changed? | |
| Apr 23, 2016 at 3:47 | comment | added | Wildcard | @cuonglm, I think we need a canonical "Why not use eval?" that we can point to and which explains the potential security holes when using this command. The question you've linked is in my opinion not the same at all, any more than "How can I list the files in a directory?" is the same as "Why shouldn't I parse the output of ls?" | |
| Apr 23, 2016 at 3:45 | history | edited | Wildcard | CC BY-SA 3.0 | added 445 characters in body |
| Apr 23, 2016 at 3:19 | review | Close votes | |||
| Apr 23, 2016 at 18:20 | |||||
| Apr 22, 2016 at 22:49 | answer | added | user79743 | timeline score: 10 | |
| Apr 22, 2016 at 22:44 | comment | added | don_crissti | See also bash eval builtin command and the links there... | |
| Apr 22, 2016 at 20:57 | answer | added | Thomas Dickey | timeline score: 11 | |
| Apr 22, 2016 at 20:56 | comment | added | muru | If someone manages to sneak in unfiltered user input to an eval'd string… | |
| Apr 22, 2016 at 20:14 | history | asked | Wildcard | CC BY-SA 3.0 |