On Tue, Jun 29, 2021 at 02:05:46PM -0700, L A Walsh wrote: > That would be 'me', so I'm going to rule out malicious > code injection! :-), but that's also why I used printf to > write the output, the worst that could happen is some varname > is overwritten with the answer, no?
Sadly, this is not correct. You can still get code injections with printf -v. unicorn:~$ njobs2() { printf -v "$1" %s 42; } unicorn:~$ njobs2 'x[0$(date >&2)]' Tue Jun 29 17:00:29 EDT 2021 > Simpler -- don't use a variable: > > njobs() { printf ${1:+-v $1} "%s\n" "$(jobs |wc -l)"; } You're adding a newline to the variable. That may not be what you want. > So...hmmm...how is it that jobs picks up the right answer in what > would seem to be a subshell? Special cased? The subshell inherits the job list from its parent -- it just can't *wait* for any of those jobs, since it isn't their parent. But it can still count them.