On 12/7/14 11:16 PM, Eduardo A. Bustamante López wrote:
> On Sun, Dec 07, 2014 at 07:34:53PM -0800, Linda Walsh wrote:
>> Only if you properly quote "external input".
> Well, that's the whole point, as a script writer, I don't expect to get
> arbitrary code execution here:
>
> | dualbus@hp:~/t$ unset var; value='[$(ls -l)]=1 [2]=2'; declare -a
> var="($value)"; declare -p var
> | bash: total 0: syntax error in expression (error token is "0")
Yeah, that's what we're discussing.
> Or here:
> | dualbus@hp:~/t$ a=(1 2 3); k='a[$(ls -l)]'; echo "${a[k]}"
> | bash: total 0: syntax error in expression (error token is "0")
>
> And I *shouldn't* have to worry about that.
But the ship has sailed on this one. Every shell that implements indexed
arrays does what bash does here.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU c...@case.edu http://cnswww.cns.cwru.edu/~chet/
