GNU bug report logs -
#21249
"sed -i '...' -" in git head
Previous Next
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 21249 in the body.
You can then email your comments to 21249 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-sed <at> gnu.org:
bug#21249; Package
sed.
(Thu, 13 Aug 2015 14:16:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Stephane Chazelas <stephane.chazelas <at> gmail.com>:
New bug report received and forwarded. Copy sent to
bug-sed <at> gnu.org.
(Thu, 13 Aug 2015 14:16:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Hello,
about this commit:
> commit c033bdee411128dfebfea1974d1ee3c1d9eac572
> Author: Jim Meyering <meyering <at> fb.com>
> Date: Sat Jun 20 07:38:49 2015 -0700
>
> sed -i: do not treat "-" as a file name
the behaviour was aligned with perl's (where that syntax derives
from).
In perl, perl -pi -e 's/../../' -- *
or perl -pi -e 's/../../' -- "$file"
is known to be /reliable/ (work regardless of the value of $file
(while without -i it's not, see
https://unix.stackexchange.com/questions/170013/security-implications-of-running-perl-ne
(-, cmd|, <file... are a problem there))
That was also /safe/ in sed before that change. Treating "-" as
stdin with -i doesn't make sense as it doesn't make sense to
edit stdin "in-place".
Now that means it breaks scripts that do:
sed -i '...' -- "$file"
expecting it modify $file regardless of the name of $file. Now,
one has to do:
case $file in
-) file=./-
esac
sed -i '...' -- "$file"
for no good reason.
IMO, that change only has negative consequences.
just my 2 cents.
--
Stephane
Information forwarded
to
bug-sed <at> gnu.org:
bug#21249; Package
sed.
(Sun, 03 Jan 2016 03:27:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 21249 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Thu, Aug 13, 2015 at 7:15 AM, Stephane Chazelas
<stephane.chazelas <at> gmail.com> wrote:
> Hello,
>
> about this commit:
>
>> commit c033bdee411128dfebfea1974d1ee3c1d9eac572
>> Author: Jim Meyering <meyering <at> fb.com>
>> Date: Sat Jun 20 07:38:49 2015 -0700
>>
>> sed -i: do not treat "-" as a file name
>
> the behaviour was aligned with perl's (where that syntax derives
> from).
>
> In perl, perl -pi -e 's/../../' -- *
>
> or perl -pi -e 's/../../' -- "$file"
>
> is known to be /reliable/ (work regardless of the value of $file
> (while without -i it's not, see
> https://unix.stackexchange.com/questions/170013/security-implications-of-running-perl-ne
> (-, cmd|, <file... are a problem there))
>
> That was also /safe/ in sed before that change. Treating "-" as
> stdin with -i doesn't make sense as it doesn't make sense to
> edit stdin "in-place".
>
> Now that means it breaks scripts that do:
> sed -i '...' -- "$file"
> expecting it modify $file regardless of the name of $file. Now,
> one has to do:
>
> case $file in
> -) file=./-
> esac
> sed -i '...' -- "$file"
>
> for no good reason.
>
> IMO, that change only has negative consequences.
Thank you for the report and good argument.
I plan to revert that change with the attached patch:
[0001-revert-v4.2.2-87-gc033bde-to-make-sed-i-treat-as-a-f.patch (text/x-patch, attachment)]
Reply sent
to
Jim Meyering <jim <at> meyering.net>:
You have taken responsibility.
(Sun, 03 Jan 2016 18:55:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Stephane Chazelas <stephane.chazelas <at> gmail.com>:
bug acknowledged by developer.
(Sun, 03 Jan 2016 18:55:01 GMT)
Full text and
rfc822 format available.
Message #13 received at 21249-done <at> debbugs.gnu.org (full text, mbox):
On Sat, Jan 2, 2016 at 7:25 PM, Jim Meyering <jim <at> meyering.net> wrote:
> On Thu, Aug 13, 2015 at 7:15 AM, Stephane Chazelas
> <stephane.chazelas <at> gmail.com> wrote:
>> Hello,
>>
>> about this commit:
>>
>>> commit c033bdee411128dfebfea1974d1ee3c1d9eac572
>>> Author: Jim Meyering <meyering <at> fb.com>
>>> Date: Sat Jun 20 07:38:49 2015 -0700
>>>
>>> sed -i: do not treat "-" as a file name
>>
>> the behaviour was aligned with perl's (where that syntax derives
>> from).
>>
>> In perl, perl -pi -e 's/../../' -- *
>>
>> or perl -pi -e 's/../../' -- "$file"
>>
>> is known to be /reliable/ (work regardless of the value of $file
>> (while without -i it's not, see
>> https://unix.stackexchange.com/questions/170013/security-implications-of-running-perl-ne
>> (-, cmd|, <file... are a problem there))
>>
>> That was also /safe/ in sed before that change. Treating "-" as
>> stdin with -i doesn't make sense as it doesn't make sense to
>> edit stdin "in-place".
>>
>> Now that means it breaks scripts that do:
>> sed -i '...' -- "$file"
>> expecting it modify $file regardless of the name of $file. Now,
>> one has to do:
>>
>> case $file in
>> -) file=./-
>> esac
>> sed -i '...' -- "$file"
>>
>> for no good reason.
>>
>> IMO, that change only has negative consequences.
>
> Thank you for the report and good argument.
> I plan to revert that change with the attached patch:
Pushed.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Mon, 01 Feb 2016 12:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 8 years and 151 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.