Re: maybe a bug in bash?

[Sebastian Luhnburg]

Thank you very much for your quick answer!

I am not sure what do you mean with "open the quote"? I try to copy your 
example, but my copy did not work. I wrote this:

#!/usr/bin/env bash

initial_password='$abc&xyz'
echo "initial password: " $initial_password
among_password="${initial_password@Q}"
echo "among password: " $among_password
password="${among_password@Q}"
echo "end password: " $password
bash << EOF
echo "password in here document: " ${password@Q}
/bin/bash -c "echo 'password in subshell in here document: ' ${password@Q}"
EOF


But I got this:
initial password:  $abc&xyz
among password:  '$abc&xyz'
end password:  ''\''$abc&xyz'\'''    # single quotes!
password in here document:  ''\''$abc&xyz'\'''
password in subshell in here document:  ''\''&xyz'\'''


p.s.: in the final script, it is only one SSH:

ssh user@machine << EOF
/bin/bash -c "do something with the password"
EOF


Mit freundlichen Grüßen

Sebastian Luhnburg
IT
----------------------------------------------------------------------
swp software systems GmbH & Co. KG

Königsbrücker Straße 124
01099 Dresden
Tel: 0351-492850
Fax: 0351-4928550
www:https://www.vi-bim.de

Kennen Sie schon unsere FAQ-Wissensdatenbank? Einfach hier 
klicken:https://faq.vi-bim.de

Unsere Datenschutzerklärung finden Sie unterhttps://datenschutz.vi-bim.de

Registergericht: Amtsgericht Dresden HRA 3008
persönlich haftender Gesellschafter:
swp Beteiligungs GmbH
Registergericht: Amtsgericht Dresden HRB 15 20 9
Geschäftsführer: Holger Schönemann, Stefan Urlberger

Am 29.06.23 um 13:00 schrieb Dominique Martinet:
> Sebastian Luhnburg wrote on Thu, Jun 29, 2023 at 11:55:12AM +0200:
> > initial_password="\$abc&xyz"
> > echo "initial password: " $initial_password
> > printf -v password '%q' $initial_password
> > echo "initial password with escaped characters: " $password
> > bash << EOF
> > echo "password in here document: " ${password@Q}
> > /bin/bash -c "echo 'password in subshell in here document: ' ${password@Q}"
> password here is \$abc\&xyz, and the @Q escape just makes
> ${password@Q} '\$abc\&xyz' (adds single quotes).
>
> What running it in a subshell (ssh, or sh/bash -c) changes here is the
> order in which things are unescaped.
>
> Note the here-doc substitutes ${password@Q}, so this is the same as
> running a file with the content:
> ```
> echo "password in here document: " '\$abc\&xyz'
> /bin/bash -c "echo 'password in subshell in here document: ' '\$abc\&xyz'"
> ```
>
> Like this, you can see that in the former case, the echo command gets
> the password in single quotes, while the subshell's echo is first
> interpreted in double-quotess.
> In double-quotes, \$ is simplified to $ (as the lack of backslash would
> just get you the variable)
>
> Note that since the here-doc first expands the variable, you cannot
> solve this by using single quotes: the variable would just end the
> quoting!
>
> ... At which point all you need to do is just to open the quote,
> e.g. the following:
>
> a='$foo&bar'
> b="${a@Q}"
> c="${b@Q}"
> ssh localhost <<EOF
> ssh localhost "echo "$c
> EOF
>
> prints:
> $foo&bar
>
>
> I'd still recommend avoiding embedding ssh in another ssh in a script
> though...

OpenPGP_0x1E7D455B730DAD17.asc
Description: OpenPGP public key

OpenPGP_signature
Description: OpenPGP digital signature