Behaviour of $(shell command args) is dangerously different from `command args`

Wed, 10 Apr 2013 09:28:10 -0700 

Hi list,

here's a Makefile distilled from an existing project (see attached file for a 
non-wordwraped version):

> SHELL := /bin/bash
> date := $(shell date -R)
> prevtag := $(shell git describe --tags|cut -d- -f1)
> release:
> #       sed -i "1s#^#$(VERSION) ($(date))\n$(shell git log HEAD...$(prevtag)
> #           '--pretty=format:\\t* %s\\n'|tr -d '\n')\n#1" Changelog
>         sed -i "1s#^#$(VERSION) ($(date))\n`git log HEAD...$(prevtag)
>             '--pretty=format:\\t* %s\\n'|tr -d '\n'`\n#1" Changelog

What I am doing here is building a Changelog file using the output from git.


The problem is that with the first (commented) version of the command, if I 
have a commit message containing something between backquotes, that something 
gets executed by make. In my case I was lucky and just ran into an infinite 
loop executing `make release`, but I would have been in bigger trouble if I 
had a commit to, say, "Protect against unintentional `rm -rf /`."

Since I'm not a make guru, I'm not sure where this fits on the feature/bug 
spectrum, but the fact that the behaviour differs from shell-style backquotes 
(contrary to what "info:/make/Shell Function" leads me to believe) and the 
dangerosity of it makes me feel it is a bug.

If the behaviour is expected (why ?), it would be usefull to explain the 
difference between `command` and $(shell command) in the info pages.


I am using GNU Make 3.82 Built for x86_64-pc-linux-gnu from Gentoo packages.

Please CC me in replies, as I am not subscribed to the list.
-- 
Vincent de Phily
SHELL := /bin/bash
date := $(shell date -R)
prevtag := $(shell git describe --tags|cut -d- -f1)
release:
#dangerous: this will execute backticks-enclosed commands found in the commit logs
#	sed -i "1s#^#$(VERSION) ($(date))\n$(shell git log HEAD...$(prevtag) '--pretty=format:\\t* %s\\n'|tr -d '\n')\n#1" Changelog
#no problem with this version: the return from the shell command is not evaluated again
	sed -i "1s#^#$(VERSION) ($(date))\n`git log HEAD...$(prevtag) '--pretty=format:\\t* %s\\n'|tr -d '\n'`\n#1" Changelog

_______________________________________________
Bug-make mailing list
Bug-make@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-make

Reply via email to