The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Kris on Twitter is a bit radical against shell scripts. Learn why.

Posted by jpluimers on 2022/04/13

I say to people: only use shell interactively, don’t write scripts. Never. Not one.
But Kris, they ask, why so radical?
Because of this:

is the literal English Google Translation of the German text

Ich sage den Leuten: benutzt Shell nur interaktiv, schreibt keine Scripte. Nie. Nicht eines.
Aber Kris, fragen sie, wieso so Radikal?
Deswegen:

The tweet then links to [Wayback/Archive] Jan Schaumann on Twitter: “TIL zgrep(1) is a shell script. BSD basically does “zcat | grep”, but GNU does “gzip -dc | sed”. How did I learn that? The fun way! CVE-2022-1271, arbitrary-file-write and code execution vulnerability in GNU zgrep / gzip. …”:

Oh, I learned about cowsay: “cowsay is a program that generates ASCII art pictures of a cow with a message.”

Source: [Wayback/Archive] Kris on Twitter: “Ich sage den Leuten: benutzt Shell nur interaktiv, schreibt keine Scripte. Nie. Nicht eines. Aber Kris, fragen sie, wieso so Radikal? Deswegen:” / Twitter

I responded by asking whether Python would be allowed, which spurred some nice responses:

Note that a few hours later Kris added this [Wayback/Archive]:

You think you can do input sanitation and error handling in the shell, but it’s harder than it looks. A real programming language is much better placed and experience has shown that it is already difficult enough

translated from

Du denkst, Du bekommst input sanitation und error handling in der Shell hin, aber das ist schwieriger als es aussieht. Eine richtige Programmiersprache ist da viel besser aufgestellt und da ist es erfahrungsgemäß schon schwer genug

Which got “35 years of bash scripting. And Kris is still right. Of course there are traps and fuss, but there is always a racing condition that you can’t even guess. Just trying to see if the PoC also works with WSU… 🦹‍♀️😈” from [Wayback/Archive] Millux on Twitter: “@isotopp 35 Jahre bash scripting. Und Kris hat trotzdem Recht. Klar gibts trap und Gedöns, trotzdem gibt es immer eine Racing Condition, die du nicht mal ahnen kannst. Grad mal probiert ob der PoC auch mit WSU… 🦹‍♀️😈”

–jeroen
