2015-03-05 15:20:44 -0500, Chet Ramey:
[...]
> For example, I never do this:
> 
> > $ perl -ne 'print if /foo/' *
> 
> I just use grep directly.

That was just a basic example.

What about:

sed 's/foo/bar/g' *

?

> Or this:
> 
> > rm -- *
[...]

Then you're in for a bad surprise some day.

You should definitely do that in scripts that you share with
others at least. Not doing it is introducing a security
vulnerability.

sed 's/foo/bar/' *

is OK with non-GNU seds, but with GNU sed (that accepts options
after arguments), it's an arbitrary command execution
vulnerability.

For instance, if there's a file called
-e1s:.*:uname>\&2:e (left there by another cheeky user, some
malware, a dodgy tarball (like bash's that contain a -i file
:-b))

sed s/foo/bar/ *

runs uname for every non-empty file in the directory.

-- 
Stephane
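
As an added example (not from the thread): the two portable ways to keep a glob result from being handed to sed as options, plus a check a script can run before passing a bare glob to any utility. The directory, the file names (a harmless "-n" stands in for the option-looking name above) and the function names are constructed for the demonstration; it assumes POSIX sh and a sed that accepts -e.

```shell
#!/bin/sh
# Added example, not code from the thread. A glob that matches a filename
# beginning with "-" is parsed as an *option* by implementations that accept
# options after operands (GNU sed). Two portable defences: prefix the glob
# with "./" so no operand can start with "-", or pass the script with -e and
# end option parsing with "--" before the operands.

# Constructed sample directory: one ordinary file and one whose name starts
# with "-". "-n" is harmless on its own; it only stands in for an option-looking
# name such as the one quoted in the mail above.
make_sample_dir() {
    dir=$(mktemp -d) || return 1
    printf 'foo one\n' > "$dir/data.txt"
    printf 'foo two\n' > "$dir/-n"
    printf '%s\n' "$dir"
}

# Safe form 1: "./*" guarantees every operand starts with "./", so neither sed
# nor any other utility can mistake one for an option.
subst_foo() {
    (cd "$1" && sed 's/foo/bar/g' ./*)
}

# Safe form 2: the script is an option argument (-e) and "--" terminates option
# parsing, so everything the glob expands to is an operand.
subst_foo_dashdash() {
    (cd "$1" && sed -e 's/foo/bar/g' -- *)
}

# Defensive check: list entries whose names start with "-" so a script can
# warn or refuse before running a utility on a bare glob.
find_option_like_names() {
    for f in "$1"/*; do
        case ${f##*/} in
            -*) printf '%s\n' "${f##*/}" ;;
        esac
    done
}
```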
