Update spec.sh #11

Closed
wants to merge 1 commit into from

Conversation

@d630 d630 commented Mar 7, 2017

  • Make sure IFS is not set to / etc.
  • Use mksh for version info itself
  • Use grep -E instead of egrep
  • Use dirname together with readlink and BASH_SOURCE

andychu commented Mar 7, 2017

What's the motivation for these changes? Except for the mksh change, which seems to give more detailed version information, I don't really agree with them.

They might be slight improvements, but they could be applied to every script in the repo, and I'd rather concentrate effort on making Oil an example of how to remove these issues with shell.

OSH is basically a vehicle for Oil and no more.

  • Oil won't do word splitting with IFS unless explicitly asked for
  • Oil will have a simple function to get the location of the script being run. And it will have a proper module system.

In other words, we could go add "$var" to every single var expansion, and add "--" to every single command (except the ones that don't support it like "echo"). But I feel like this is an exercise in futility, and we should just write a better shell. I should probably blog about that if the motivation wasn't clear.

Another way of saying it is that the shell scripts basically treat the file system as "trusted" rather than untrusted. I don't think there is any other option in shell. But in Oil, you should be able to write scripts that don't trust their external input.

I also have this page:

https://github.com/oilshell/oil/wiki/Shell-Security-Problems

If there are any other "pedantic" practices that are good, please list them there so we can subsume them in Oil.

d630 commented Mar 12, 2017

Hey, I had no real motivation. Before I sent you the spec results, I had a quick look at the script and modified it in the habit of a bash shell scripter who is condemned to quoting. So, just close the PR if you want to :)

andychu commented Mar 12, 2017

Yeah this helped me formulate a design goal. Right now in shell you have the tradeoff between what I call Naive Style and Pedantic Style. Note that both of those are slightly negative adjectives.

So most of my scripts are written in Naive Style. But for Oil we want to get rid of the tradeoff. I like the "whipupitude" of shell (in Perl terms), but the problem is that you end up with all these tiny bugs all over the place. Death by a thousand cuts.

And honestly I would like to categorize them... there is double quoting and --. Double quoting does several things though:

  • it prevents word splitting
  • it prevents globs from being evaluated from inside variables and command output
  • it prevents brace expansion

etc.

I had a good link on shell security practices, but I can't find it anymore...

I will probably write a blog post about this to clarify the goals.
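The Naive versus Pedantic tradeoff discussed in this thread (unquoted versus quoted expansion, an inherited IFS, and the "--" guard), as an added example that is not code from the oil repository or from either commenter; it assumes a POSIX shell with mktemp and grep -E available, and all input is constructed inline:

```shell
#!/bin/sh
# Added example, not code from the oil repository. On constructed input it
# shows the effects the comment above attributes to double quoting, the IFS
# dependence the PR guards against, and the "--" guard. Assumes a POSIX shell.

# Prints how many arguments it received.
count_args() { echo "$#"; }

# Naive style: an unquoted expansion is split on IFS, and any piece containing
# glob characters is then matched against files in the current directory.
naive_count() { count_args $1; }

# Pedantic style: the quoted expansion stays one literal argument.
pedantic_count() { count_args "$1"; }

# Runs naive_count in a scratch directory holding a.txt and b.txt, so that a
# value such as '*.txt' has something to match. Prints the argument count.
naive_count_with_files() {
    tmp=$(mktemp -d) || return 1
    ( cd "$tmp" && : > a.txt && : > b.txt && naive_count "$1" )
    rm -rf -- "$tmp"
}

# Splits $2 under an inherited IFS of $1 (for example '/'), which is what a
# script gets when its caller exported an unusual IFS. Prints the count.
count_with_ifs() {
    ( IFS=$1; count_args $2 )
}

# The PR's guard: reset IFS before relying on splitting. Unsetting IFS
# restores the default of space, tab and newline. Prints the count.
count_after_ifs_reset() {
    ( IFS=$1; unset IFS; count_args $2 )
}

# The "--" guard: a pattern beginning with '-' is still data, not an option.
# Prints how many of three constructed lines (one is literally "-v") match
# the extended regular expression $1.
count_matches() {
    printf '%s\n' 'keep this' '-v' 'drop this' | grep -c -E -- "$1"
}

naive_count_with_files '*.txt'         # 2: the glob matched both files
pedantic_count '*.txt'                 # 1: literal "*.txt"
naive_count 'one two'                  # 2: split on the default IFS
pedantic_count 'one two'               # 1
count_with_ifs / usr/local/bin         # 3: IFS=/ splits the path
count_after_ifs_reset / usr/local/bin  # 1
count_matches -v                       # 1: "-v" was a pattern, not an option
```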
