On 3/20/19 7:36 AM, Daniel Kahn Gillmor wrote: > On Tue 2019-03-19 09:31:55 -0400, Greg Wooledge wrote: >> There are scripts that *rely* on the seekability of the temporary files >> created by here-documents and here-strings. "Improving" the "situation" >> would break backward compatibility. > > i hope you noticed that of my suggested improvements, only one of them > (a) breaks seekability. Do you have a preference among the other > proposals? I'm partial to memfd_create(2) on platforms that support it, > though i'm not sure how to turn that file descriptor into O_RDONLY > before the exec.
I can't see one by looking at the man page on the web, but I don't have
ready access to a system that implements memfd_create.
>> There is simply NO valid reason to write <<<"$secret" in a script, and
>> thus there is no need to "improve" anything other than the scripts
>> that are doing that. Use a pipe instead.
>
> Not all tools take their secret inputs on stdin. indeed, some are
> explicitly designed to accept special values on other file descriptors.
>
> How do you replicate 3<<<"$secret" with a pipeline?
This is the kind of thing process substitution is good for.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU [email protected] http://tiswww.cwru.edu/~chet/
signature.asc
Description: OpenPGP digital signature
