Andy Pieters wrote:
> On Sunday 27 November 2005 22:59, Steven Stern wrote:
> 
>>sa-learn --spam --mbox /home/*/mail/should-be-spam
>>sa-learn --ham --mbox /home/*/mail/should-be-ham
> 
> 
> Isn't this dangerous?  I mean, what if a user saves a message with the name 
> "|passwd -d" (without quotes)
> 
> It would get executed then as
> 
> sa-learn --spam --mbox /home/*/mail/should-be-spam|passwd -d

No. To begin with, when the shell expands glob patterns, it doesn't
suddenly treat special characters in filenames specially (that would be
suicidal); it simply treats them as part of the filenames they are in
fact part of. Furthermore, there isn't even any * or ? to expand at the
ends of Steven's commands.

Try this: Create a file named "|echo foo", then run "echo bar *echo*".
"*echo*" matches the file just created, but the result isn't the
execution of

  echo bar |echo foo

(which would output "foo"). Instead, it does this:

  echo bar "|echo foo"

(which outputs "bar |echo foo").

-- 
Magnus Holmgren
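
The experiment described in the message above, as an added example that is not part of the original post. The function names (`show_args`, `glob_demo`, `glob_args`, `reparse_demo`) and the temporary directory are assumptions made for illustration, and the file name is constructed. The last function shows the contrasting case the glob does not trigger: a file name only acts as shell syntax when a string containing it is parsed again as shell source, for example by `eval`.

```shell
#!/bin/sh
# Added example: constructed file name, created in a throwaway directory.

# Print one line per argument received, so word boundaries are visible.
show_args() {
    for arg in "$@"; do
        printf '<%s>\n' "$arg"
    done
}

# Create a file named "|echo foo" and run "echo bar *echo*" next to it.
glob_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        : > '|echo foo'          # file whose name contains a pipe character
        echo bar *echo*          # glob result arrives as one literal argument
    )
    status=$?
    rm -rf "$dir"
    return $status
}

# Same setup, but report how the command line was split into arguments.
glob_args() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        : > '|echo foo'
        show_args bar *echo*     # two arguments: "bar" and the file name
    )
    status=$?
    rm -rf "$dir"
    return $status
}

# Contrast: pasting the name into a string and parsing that string again
# as shell source is what turns "|" into a pipe. Globbing never does this.
reparse_demo() {
    name='|echo foo'             # constructed name, same as above
    eval "echo bar $name"        # parsed a second time: echo bar | echo foo
}

glob_demo       # bar |echo foo
glob_args       # <bar> then <|echo foo>
reparse_demo    # foo
```

Scripts that process user-controlled file names stay on the safe side by passing them as arguments, as the `sa-learn` commands do, and never building a command string for `eval` or `sh -c` out of them.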
