Bruno Haible <[email protected]> writes: > Collin Funk wrote: >> every single unescaped string as a "security vulnerability". > > Replicating every argument literally (like 'ls --literal') is > not a security vulnerability. But it is an instance of "garbage in - > garbage out": If the user passes, say, an ANSI escape sequence for > clearing the terminal's screen, only low-quality implementations > will replicate it on stdout literally. And even without escape > sequences, there's a difference between > $ rm 'the prime minister' > /bin/rm: cannot remove the prime minister: No such file or directory > and > $ rm 'the prime minister' > /bin/rm: cannot remove 'the prime minister': No such file or directory
Yes, I agree. I just dislike the alarmism. >> However, for printing arguments given by the user > > No, the user is in general not aware of all arguments passed to all > commands. In general, the user might be using or invoking a program A, > that invokes a program B (with arguments that A has computed), that > invokes C (with computed arguments again), and so on, until some > of these programs invokes 'gzip'. When something goes wrong, the user > will see the diagnostics from 'gzip', but the user is not the one > who provided / understood / acknowledged the arguments passed to 'gzip'. I see your point. But in my head I think of the "user" as program X which knows the arguments it gives to gzip. Collin
