The curious case of shell commands, or how "this bug is required by POSIX" (2021)

About the fatal perils and traps of many modern tools that handle "shell commands" as passed through system(3) or sh -c. Or, how by the end of 2020, we still haven't given up on shell's equivalent of "SQL building", or how shell's equivalent of "SQL injection" still thrives in our engineering world... Plus a glibc bug, then a Linux man pages bug, then a POSIX specification bug...
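The "SQL building" analogy above, as an added example that is not code from the original article: the same value is handed to sh -c first by pasting it into the command text, then as a positional parameter, then as a quoted word for tools that accept only a command string. The function names, the sample value and the INJECTED marker are constructed for this illustration.

```shell
#!/bin/sh
# Constructed sample value: filename-like data carrying shell metacharacters.
untrusted='report.txt; echo INJECTED'

# Weak: the value is pasted into the command text, so sh parses it as code.
# This is what system(3) or `sh -c "$string"` does with a built string.
built_string() {
    sh -c "printf '[%s]\n' $1"
}

# Hardened: the command text is a constant; the value travels as a
# positional parameter and is expanded inside double quotes, so it
# always stays one word of data.
positional_arg() {
    sh -c 'printf "[%s]\n" "$1"' sh "$1"
}

# Quote one value as a single POSIX sh word: wrap it in single quotes and
# rewrite every embedded ' as '\'' (close quote, escaped quote, reopen).
shquote() {
    printf '%s\n' "$1" | sed "s/'/'\\\\''/g; 1s/^/'/; \$s/\$/'/"
}

# Fallback for interfaces that accept only one command string:
# quote each value before it is spliced into the text.
quoted_string() {
    sh -c "printf '[%s]\n' $(shquote "$1")"
}

# Show what each variant actually executes for the same input.
for variant in built_string positional_arg quoted_string; do
    printf '%s:\n' "$variant"
    "$variant" "$untrusted"
done
```

Only the first variant prints a separate INJECTED line; the other two print the whole value inside the brackets as data.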

If you appreciate the insights shared in this article and you or your company are facing technical challenges or seeking to introduce innovations to the market, consider reaching out to our small family-owned company. We are committed to addressing the IT needs of fellow small businesses.

Some context

(For those interested only in the glibc and POSIX issues, see the end.)

I use Linux almost everywhere, from laptops and desktops to servers and routers, and over the course of many years I've written quite a few bash scripts that ease my interaction with all of these.

The usual "stack" that ties all of these together is composed of:

bash, obviously for scripting;

ssh, for remote execution;

i3, the window manager for desktop environments;

screen, for terminal multiplexing;