On Thursday 04 June 2009 07:14:25 Bill Allombert wrote:
> On Thu, Jun 04, 2009 at 11:53:19AM +0200, Raphael Hertzog wrote:
[...]
> > Ugliness is relative. I have no problem with printf.
>
> Consider this example: the safe "printf" way to do
> echo $BAR
> is
> printf "%s\n" "$BAR"
>
> (in case BAR holds a value like BAR="%s a")
> So printf is slightly unwieldy to use and it can create
> format string attack.

If not used properly, just like many other features/tools can lead to some sort of security issue.
Adding a note that passing variables as the first argument to printf should only be done when the necessary precautions to avoid string attacks have been taken. Similar to what it says about temporary files.

> > For the second argument:
> >
> > [ using bash ]
> > $ type printf
> > printf is a shell builtin
> > $ dash
> > $ type printf
> > printf is a shell builtin
> >
> > There's no external executable needed.
>
> Are all these shell builtin compatible with /usr/bin/printf ?

Yes, because printf is well defined.

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
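
Added example (not part of the original message): the safe and unsafe printf forms discussed above, plus a heuristic check for scripts that pass a variable as printf's first argument. The function names and the sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and the sample script are constructed.

# Safe replacement for `echo $BAR`: the value is an argument, never the format.
say() {
    printf '%s\n' "$1"
}

# The risky form: the value itself is used as the format string.
say_unsafe() {
    printf "$1\n"
}

# Constructed sample script to scan (quoted heredoc: nothing is expanded).
sample_script() {
    cat <<'EOF'
#!/bin/sh
BAR="%s a"
printf "%s\n" "$BAR"
printf "$BAR\n"
printf $BAR
echo done; printf "Hello $BAR\n"
printf '%s\n' "$BAR"
EOF
}

# Heuristic lint: read a script on stdin and print "lineno:line" for each
# printf whose first argument is a bare expansion or a double-quoted string
# containing one. An escaped \$ inside the format is a known false positive.
find_printf_var_format() {
    grep -nE '(^|[;&|[:space:]])printf[[:space:]]+(--[[:space:]]+)?(\$|"[^"]*\$)'
}

say '%s a'           # value printed verbatim
say_unsafe '%s a'    # %s is interpreted as a conversion and consumed
sample_script | find_printf_var_format
```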