Date: Thu, 8 Jan 2009 13:37:06 +0100 From: "Damien Fleuriot" <dam@c-mal.com> To: freebsd-current@freebsd.org Subject: Bug or unwanted behaviour in echo ? Message-ID: <57dc0bd10901080437y5f745b4ckf40b48a9d9d55ce8@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hello list, First of all, my apologies if this issue was already raised and discussed, I haven't found it so far. I was toying around with a site that proposed to hash passwords to MD5, and comparing results with my host running FreeBSD 7.0-STABLE At some point I didn't get the same hash from the website and from BSD. On BSD: echo -n "test'$@" | md5 5c28a8c6d799d302f3ef53afefdfc81b On website: f883cdacbb478c241c51da1f67fbe9bf After swapping characters around I realized that echo just interprets $@ (which in our case is null). So I tried escaping the @ which didn't work: echo -n "test'$\@" | md5 cff4781da603112b5a271891c7c9cc47 Escaping the $ did work however: echo -n "test'\$@" | md5 f883cdacbb478c241c51da1f67fbe9bf I can not think of a concrete example at the moment, but I can imagine a program creating a hash and inadvertently feeding md5 a string containing $? , $@ , $# or $1 for example. This could lead to unwanted results. Anyone knows if this behaviour is intended ? It sure confused me here. Perhaps a switch should be added to tell echo to not parse the $variables ? Or perhaps it should be the natural behaviour to not parse them, and only do it if -e was given ? Regards,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?57dc0bd10901080437y5f745b4ckf40b48a9d9d55ce8>