(Copying the list back in ...)

On Fri, 19 Nov 2021 17:37:54 +0100
Andreas Kusalananda Kähäri <andreas.kah...@abc.se> wrote:

> On Fri, Nov 19, 2021 at 03:56:21PM +0000, Kerin Millar wrote:
> > On Fri, 19 Nov 2021 10:05:39 -0500
> > Marshall Whittaker <marshallwhitta...@gmail.com> wrote:
> >
> > > Fair. I'm not saying anyone has to change it, but I will call out what I
> > > think is a design flaw. But this is going to turn into some philosophical
> > > discussion as to whether it should have been done this way from the start.
> > > That I don't know, and hold no responsibility for, as I'm not a bash dev,
> > > I'm an exploit dev. Maybe an asshole too.
> >
> > You appear to be missing the implication; it has nothing in particular to
> > do with bash. Consider the following Perl program. At no point is a shell
> > involved.
>
> I believe system() in Perl may well invoke sh -c depending on the
> arguments given. See "perldoc -f system".

Yes, but there would need to be "one scalar argument".

> > @args = glob('*');
> > system('rm', '-f', @args); # bad

At least two arguments are given there. Granted, the win32 port is an
outlier but the sample clearly isn't intended for it.

-- 
Kerin Millar
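
Added example, not part of the original message: a Perl script that runs the quoted list-form system() call in a scratch directory containing a file named like an option, then repeats it with "--", with a "./" prefix, and with unlink(). The file names are constructed, and it assumes a POSIX system whose rm accepts -v (GNU coreutils and the BSDs do).

```perl
#!/usr/bin/perl
# Added illustration; file names are constructed. Assumes a POSIX system
# whose rm accepts -v (GNU coreutils and the BSDs do).
use strict;
use warnings;
use File::Temp qw(tempdir);

$| = 1;    # keep our output in order with rm's

# Create the named empty files in the current directory.
sub populate {
    for my $name (@_) {
        open my $fh, '>', $name or die "create $name: $!";
        close $fh;
    }
}

# Quote and list whatever is left in the current directory.
sub remaining { return join ' ', map { "'$_'" } glob('*') }

my $dir = tempdir(CLEANUP => 1);
chdir $dir or die "chdir $dir: $!";
my @names = ('-v', 'a.txt', 'b.txt');

# 1. The form from the message. system() is given a list, so perl executes
#    rm directly and no shell runs. rm still parses '-v' as an option.
populate(@names);
system('rm', '-f', glob('*'));
print "list form, no guard: left behind: ", remaining(), "\n";

# 2. "--" ends option parsing, so every later argument is an operand.
populate(@names);
system('rm', '-f', '--', glob('*'));
print "with --:             left behind: ", remaining(), "\n";

# 3. A "./" prefix guarantees that no argument begins with "-".
populate(@names);
system('rm', '-f', map { "./$_" } glob('*'));
print "with ./ prefix:      left behind: ", remaining(), "\n";

# 4. No external program at all: unlink() only ever takes file names.
populate(@names);
unlink glob('*');
print "unlink():            left behind: ", remaining(), "\n";

chdir '/';    # step out so the scratch directory can be cleaned up
```

Only the first call leaves the file named -v in place, because rm consumed that name as its verbose flag instead of treating it as a file to remove.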