mailing list archives
Re: BUG in /bin/bash
From: ebradley () andromeda rutgers edu (Eugene Bradley)
Date: Fri, 13 Sep 1996 15:40:57 -0400
-----BEGIN PGP SIGNED MESSAGE-----
on Sep 13, Roger Espel Llima <espel () clipper ens fr> writes:
# That reminds me of a similar "little-known feature" on SunOS and
# Solaris, where /bin/sh interprets '^' as a synonym for '|' :
# $ sh -c 'echo blah ^ cat'
Interestingly, I tested for this same "feature" on an SCO OpenServer
5.0 box and got the same results! Fortunately for me I got a cat:
command not found error upon testing on a FreeBSD 2.1.0-RELEASE box
I also use.
This surprised me as the ^ is now an obsolete synonym for the |
pipeline, and was recommended to be given a wide berth in shell
scripts, as ^ is incompatible with ksh. (from the sh man page on SCO
# Again this could be exploited to fool CGI scripts (and ircII
# scripts too) which execute shell commands with user-supplied data,
# after checking for things like ';', '|' and '&'.
For now I've added ^ to my list of shell command checks when people
want to write CGI scripts.
Hopefully they'll fix sh soon...
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Eugene Bradley | finger me for my PGP public key
webmaster of misery.winter.org
PGP Fingerprint = 55 70 DE 84 FE E1 3D 50 7F C2 88 22 30 8C 81 9E
<a href="http://www.armory.com/~ebradley"> Eugene's W^3 Duckpond </a>