On Fri, 19 Nov 2021 10:05:39 -0500
Marshall Whittaker <marshallwhitta...@gmail.com> wrote:
> Fair. I'm not saying anyone has to change it, but I will call out what I
> think is a design flaw. But this is going to turn into some philosophical
> discussion as to whether it should have been done this way from the start.
> That I don't know, and hold no responsibility for, as I'm not a bash dev,
> I'm an exploit dev. Maybe an asshole too.
You appear to be missing the implication; it has nothing in particular to do
with bash. Consider the following Perl program. At no point is a shell involved.
@args = glob('*');
system('rm', '-f', @args); # bad
So, would it be Perl's fault that the programmer failed to demarcate the
non-option arguments to rm(1)? Did I just publish a zero-day? No. Absolutely
not.
system('rm', '-f', '--', @args); # better
Granted, one would normally use the native unlink function but that's besides
the point.
--
Kerin Millar
