TIL: Some surprising code execution sources in bash


Two surprising sources of code execution in bash (and probably other shells) recently. In a historic context these probably weren't too serious of a problem, but in the context of CI systems where everything is a rats' nest of shell and YAML they could be useful execution primitives.

But nope: because of -eq, num is treated with bash's arithmetic evaluation rules, meaning that this works: Note the single quotes: $(cat /etc/passwd > ~/pwned) is not executed eagerly as a parameter to guess, but as part of the evaluation of -eq within [[. The same surprising code execution source exists with test -v var, under the same conditions as arithmetic expressions (needs to use the builtin, not the standard binary):
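A defensive sketch for the two cases above, added here and not taken from the original post: untrusted values are checked against a strict pattern before they reach a numeric comparison or a "is this variable set" check. The helper names is_decimal_int, is_plain_var_name and var_is_set, the return codes, and the target value 42 are assumptions for illustration.

```bash
# Added example: gate untrusted input before it reaches an arithmetic
# comparison or a variable-name check. Only POSIX constructs are used,
# so it behaves the same in bash and in sh.

# Succeeds only for an optionally signed run of decimal digits.
is_decimal_int() {
    case "${1#[-+]}" in
        '' | *[!0-9]*) return 1 ;;
    esac
    return 0
}

# Succeeds only for a plain identifier: no subscripts, no expansions.
is_plain_var_name() {
    case "$1" in
        '' | [!A-Za-z_]* | *[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# Returns 0 on a match, 1 on a mismatch, 2 when the input is rejected.
# The value is compared only after validation, and with single-bracket
# test, which accepts integer operands rather than arithmetic expressions.
guess() {
    is_decimal_int "$1" || return 2
    [ "$1" -eq 42 ]
}

# Returns 0 if the named variable is set, 1 if unset, 2 if the name is
# rejected. The eval is reached only with a validated identifier; in bash
# the same gate can sit in front of `test -v "$1"`.
var_is_set() {
    is_plain_var_name "$1" || return 2
    eval "[ -n \"\${$1+set}\" ]"
}
```

Rejecting with a distinct status (2 here) lets a CI script tell malformed input apart from a wrong guess and fail the job instead of continuing.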
