From owner-freebsd-current@FreeBSD.ORG Thu Jan 8 13:05:58 2009 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 22A6410656CF for ; Thu, 8 Jan 2009 13:05:58 +0000 (UTC) (envelope-from dam@c-mal.com) Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.171]) by mx1.freebsd.org (Postfix) with ESMTP id 05E9B8FC1D for ; Thu, 8 Jan 2009 13:05:57 +0000 (UTC) (envelope-from dam@c-mal.com) Received: by wf-out-1314.google.com with SMTP id 24so11626258wfg.7 for ; Thu, 08 Jan 2009 05:05:57 -0800 (PST) Received: by 10.142.50.15 with SMTP id x15mr1591260wfx.280.1231418226150; Thu, 08 Jan 2009 04:37:06 -0800 (PST) Received: by 10.142.215.4 with HTTP; Thu, 8 Jan 2009 04:37:06 -0800 (PST) Message-ID: <57dc0bd10901080437y5f745b4ckf40b48a9d9d55ce8@mail.gmail.com> Date: Thu, 8 Jan 2009 13:37:06 +0100 From: "Damien Fleuriot" To: freebsd-current@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: Bug or unwanted behaviour in echo ? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Jan 2009 13:05:58 -0000 Hello list, First of all, my apologies if this issue was already raised and discussed, I haven't found it so far. I was toying around with a site that proposed to hash passwords to MD5, and comparing results with my host running FreeBSD 7.0-STABLE At some point I didn't get the same hash from the website and from BSD. On BSD: echo -n "test'$@" | md5 5c28a8c6d799d302f3ef53afefdfc81b On website: f883cdacbb478c241c51da1f67fbe9bf After swapping characters around I realized that echo just interprets $@ (which in our case is null). So I tried escaping the @ which didn't work: echo -n "test'$\@" | md5 cff4781da603112b5a271891c7c9cc47 Escaping the $ did work however: echo -n "test'\$@" | md5 f883cdacbb478c241c51da1f67fbe9bf I can not think of a concrete example at the moment, but I can imagine a program creating a hash and inadvertently feeding md5 a string containing $? , $@ , $# or $1 for example. This could lead to unwanted results. Anyone knows if this behaviour is intended ? It sure confused me here. Perhaps a switch should be added to tell echo to not parse the $variables ? Or perhaps it should be the natural behaviour to not parse them, and only do it if -e was given ? Regards,