Comments (5)
niieani
commented on July 27, 2024
I am aware of the problem and that this is a less-than-perfect workaround. However, I have not found any better way of getting variables out of a subshell. Do you have any better ideas?
Concurrency issue would be fixable by adding a $PID in front of the name. We could also use a location relative to the library with strict permissions for writing only by the user running the script. Not sure it that would fix the vulnerability in full, though.
Thanks for participating!
from bash-oo-framework.
charles-dyfis-net
commented on July 27, 2024
mktemp -- creating destinations guaranteed to be unique and to which no other user can write -- is the canonical best practice. Set such a variable in the parent process, use it from the children. (Portability makes things a bit more complex; GNU mktemp and the BSD versions don't have completely identical usage -- but this is very much possible to work around)
from bash-oo-framework.
niieani
commented on July 27, 2024
That might work. Though the file would have to be created preemptively, otherwise we'd have the same problem with getting it's filename.
from bash-oo-framework.
charles-dyfis-net
commented on July 27, 2024
Yup. Using an exit trap would make eager creation less awful from a cleanup perspective.
from bash-oo-framework.
niieani
commented on July 27, 2024
Fixed in d555fe2.
from bash-oo-framework.
Related Issues (20)
- Is the project dead? HOT 3
- Sorry, a bit cheeky/impolite... HOT 2
- error handling with throw / command_not_found_handle HOT 3
- Unbound variables cause a crash when running examples with 'set -u' HOT 3
- [bug?] `throw` is said to be 'undefined command' when `import` fail HOT 5
- Catch exception from Classes doesn't work HOT 7
- Inconsistent array assignments HOT 3
- Translating README into Japanese
- for people who want to use Bpkg to install this framework HOT 1
- example/trycatch.sh doesn't work as expected
- Make wiki page
- [Question] Does value of '__primitive_extension_fingerprint' have special meaning?
- update readme instructions for namedParameters
- util/exception.sh shows stack trace as expected but don't exit on Ctrl+C HOT 2
- False boolean not working HOT 1
- Referring this in Human example class doesn't work as described HOT 1
- Exception messages are invisible in light theme mode in Shell console.
- [Question] Is this project still alive? HOT 6
- [Discussion] Log API
- Using a variable for an Object name
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bash-oo-framework.