
::scr shell 'programming' considered harmful



From the latest RISKS digest (issue 21.80):

> Date: 28 Nov 2001 08:50:33 -0800
> From: david-moon@xxxxxxx (David A. Moon)
> Subject: Re: Risks of the space in Unix filenames (Spinellis, R 21 79)
> 
> Some of Mr. Spinellis' suggested fixes won't help when a quote character
> appears in a filename.

The thread was concerning the nasty bug in the installer for Apple's
iTunes 2.0, which broke nastily when hard disks had spaces in their names.
Spinellis suggested quoting all dynamically created filenames in a shell
script.

> This "requoting problem" has been known since before Unix even existed, at
> least within the Multics community.  I remember encountering it myself in
> 1971 or 1972 in the exec_com facility of Multics.
> 
> The root cause and the real source of the risk here is the attempt to use an
> interactive command language as a programming language.
>
>                                                        ... A programming
> language needs a syntax and semantics that don't confuse the data being
> processed with the program doing the processing.

-- 
David Cantrell | david@xxxxxxxxxxxxxxx | http://www.cantrell.org.uk/david

  There is no sigmonster
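
The requoting problem described in the quoted RISKS item, as an added example that is not part of the original message or the RISKS thread. It compares a check that wraps a file name in quote characters inside a command string the shell parses again with one that passes the name as a single argument. The function names and the file names are constructed for illustration.

```shell
#!/bin/sh
# Added example. The file names below are constructed sample data.

# Quote the name inside a command string, then let the shell parse that string.
# The name becomes part of the program text, so quote characters in it are syntax.
exists_requoted() {
    eval "test -f \"$1\""
}

# Pass the name as data: "$1" expands to exactly one argument and is never re-parsed.
exists_direct() {
    test -f "$1"
}

# Create the sample files in a fresh directory and report how each check fares.
check_names() {
    dir=$(mktemp -d) || return 1
    for name in 'plain.txt' 'Macintosh HD.txt' 'My "Music" Disk.txt'; do
        : > "$dir/$name"
        if exists_requoted "$dir/$name"; then r=found; else r=MISSED; fi
        if exists_direct "$dir/$name"; then d=found; else d=MISSED; fi
        printf '%s: requoted=%s direct=%s\n' "$name" "$r" "$d"
    done
    rm -rf "$dir"
}

check_names
```

Adding quotes handles the space in `Macintosh HD.txt`, but the quote characters in the third name close and reopen the added quoting, so the re-parsed command looks for `My Music Disk.txt` and misses the file that is actually there.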