Edit - Unix & Linux Stack Exchange

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

Required fields*

Rev

1

This still seems to be implemented unsafely by Bash, similarly to eval. inc="\$(echo test >&2)", then declare -a x="("${inc}"/*)" outputs test immediately (to stderr).

eel ghEEz
– eel ghEEz

2022-08-25 20:32:28 +00:00
Commented Aug 25, 2022 at 20:32
@eelghEEz thanks for pointing out this, that is really dangerous.

osexp2000
– osexp2000

2022-08-31 11:26:54 +00:00
Commented Aug 31, 2022 at 11:26
@eelghEEz, strangely, I found that ./test.sh "\$(echo test >&2)" runs well, no injection happened, wondering why.

osexp2000
– osexp2000

2022-08-31 11:35:49 +00:00
Commented Aug 31, 2022 at 11:35
Got the reason, it is because I ran QUOTED_ARGS=${@@Q} first, so avoided the injection.

osexp2000
– osexp2000

2022-08-31 11:36:38 +00:00
Commented Aug 31, 2022 at 11:36
@eelghEEz I have tested the injection attempts, it is fine now, no worry.

osexp2000
– osexp2000

2022-08-31 11:45:55 +00:00
Commented Aug 31, 2022 at 11:45

| Show 1 more comment

Correct minor typos or mistakes
Clarify meaning without changing it
Add related resources or links
Always respect the author’s intent
Don’t use edits to reply to the author

create code fences with backticks ` or tildes ~
```
like so
```
add language identifier to highlight code
```python
def function(foo):
print(foo)
```
put returns between paragraphs
for linebreak add 2 spaces at end
_italic_ or **bold**
indent code by 4 spaces
backtick escapes `like _so_`
quote by placing > at start of line
to make links (use https whenever possible)

<https://example.com>

[example](https://example.com)

<a href="https://example.com">example</a>

formatting help »
answering help »