[TUHS] Interesting post by Rob Pike in 1985: Shells, features and interaction
Kurt H Maier
khm at sciops.net
Wed Nov 18 15:15:09 AEST 2015
On Tue, Nov 17, 2015 at 05:56:28PM -0800, Erik E. Fair wrote:
>
> The cause was idiot programmers who wrote CGI scripts for bash
> without proper data sanitization.
>
No, the cause was "idiot programmers" who did not stop processing the
function definition when the function ended. Bash was not conformant
to its own syntax specification. Then they had to fix the same bug for
here documents. While fixing that, someone discovered stack smash among
other bugs in the parser.
Data santitization is important, but that doesn't mean bash doesn't
suck. The fix wasn't "stop exporting functions into the environemnt,"
the fix was to patch bash. Several times.
khm
More information about the TUHS
mailing list