On 12/9/14 5:51 PM, konsolebox wrote:
> On Tue, Dec 9, 2014 at 7:29 AM, Linda Walsh <[email protected]> wrote:
>
>> Instead of dumbing down bash, why not lobby for bash to record
>> which variables contain tainted input -- and throw an error if they are eval'ed
>> (based on an option setting, of course)?
>
> For compatibility's sake I think it's a good idea to have an option
> (through shopt [and set / a command-line argument]) to make a strict
> behavior of declare in which assignment of variables is strictly the
> same as the way they are normally assigned without it.

This is unnecessarily limiting. There's no reason to completely disallow
constructs like `declare -x $one=$two' or even `declare -l a=$value'. The
question is what to do about potentially dangerous -- from some
perspectives -- uses of those constructs. So far we've identified
compound assignment as one of those uses; assignment to an associative
array using a subscript containing a command substitution might be another.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU [email protected] http://cnswww.cns.cwru.edu/~chet/
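
Added example, not part of the original message or of bash itself: one way a script can keep the flexibility of constructs like `declare -x $one=$two' while handling untrusted data, by validating the name and storing the value without ever passing a "name=value" word to declare. The helper names safe_export and selfcheck, the variable DEMO_VAR and the marker file path are hypothetical, and the inputs are constructed.

```bash
#!/usr/bin/env bash
# Added example; safe_export and selfcheck are hypothetical helpers, not bash builtins.

# Set and export the variable named by $1 to the literal string $2.
# The name and value never reach declare/export as a "name=value" word,
# so a value shaped like "(...)" cannot be taken as a compound assignment,
# and a name carrying a subscript is refused outright.
# Assumes the target is not declared -i (integer), where any assignment
# is evaluated arithmetically.
safe_export() {
    # _se_ prefix keeps these locals from shadowing the caller's target name.
    local _se_name=$1 _se_value=$2
    if [[ ! $_se_name =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
        printf 'safe_export: refusing name %q\n' "$_se_name" >&2
        return 1
    fi
    # printf -v writes into the named variable; %s copies the value as-is.
    printf -v "$_se_name" '%s' "$_se_value" || return 1
    export "$_se_name"
}

# Constructed inputs: a marker file shows whether anything was executed.
selfcheck() {
    local marker="${TMPDIR:-/tmp}/safe_export_marker.$$"
    local value="(\$(touch $marker))"
    rm -f -- "$marker"
    safe_export DEMO_VAR "$value" || return 1
    [[ $DEMO_VAR == "$value" ]] || return 1                         # stored literally
    safe_export "arr[\$(touch $marker)]" x 2>/dev/null && return 1  # subscript refused
    safe_export 'one=two' x 2>/dev/null && return 1                 # '=' in name refused
    [[ ! -e $marker ]]                                              # nothing ran
}

selfcheck && echo "safe_export: value kept literal, bad names refused"
```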