On Thu, 2009-06-04 at 14:14 +0200, Bill Allombert wrote:
> Consider this example: the safe "printf" way to do
> echo $BAR
> is
> printf "%s\n" "$BAR"
>
> (in case BAR holds a value like BAR="%s a")
> So printf is slightly unwieldy to use and it can create
> a format string attack.

It does, however, have the advantage of working if BAR contains "-E".

(This isn't a contrived example, it's why I recently changed the parsing
of DEBUILD_LINTIAN_OPTS to use printf rather than echo; if there's a sane
way of printing "-E" using echo I'd love to know what it is).

Regards,

Adam
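
The three ways of printing a variable discussed in this thread, side by side. This is an added example, not code from either poster or from devscripts; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample values are constructed.

# Safe: fixed format string, the data is only ever an argument.
print_line() {
    printf '%s\n' "$1"
}

# Unsafe: the data is used as the format string, so "%" directives and
# backslash escapes inside the value are interpreted by printf.
print_as_format() {
    printf "$1\n"
}

# echo for comparison: option-like values (-n, -e, -E) and backslashes
# are treated differently by different shells' echo builtins.
print_echo() {
    echo "$1"
}

# Feeding an option string into a pipeline without echo:
# returns the first whitespace-separated word of the value.
first_word() {
    print_line "$1" | sed 's/[[:space:]].*$//'
}

# Bracket the result so empty output is visible.
show() {
    printf '  %-14s [%s]\n' "$1" "$2"
}

for value in '-E' '-n' '%s a' 'a\nb'; do
    printf 'value: %s\n' "$value"
    show 'printf %s' "$(print_line "$value")"
    show 'echo' "$(print_echo "$value")"
done

# The format string problem from the quoted mail: %s consumes a
# missing argument, so the value is not printed as written.
printf 'value used as format: %s\n' '%s a'
show 'printf "$BAR"' "$(print_as_format '%s a')"
```

The `echo` rows differ between shells such as bash and dash, while the `printf '%s\n'` rows print the value unchanged in both.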