[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#20796: [PATCH] Document behavior of sed -i -
|
From: |
Jim Meyering |
|
Subject: |
bug#20796: [PATCH] Document behavior of sed -i - |
|
Date: |
Sat, 20 Jun 2015 20:01:20 -0700 |
On Fri, Jun 12, 2015 at 8:32 AM, Stanislav Brabec <address@hidden> wrote:
> "sed -i -" does not fail, but it also does not do what one would expect.
> Document it, as it could have security implications:
>
> Example:
> The sed command below looks broken, but it is executed and succeeds:
>
> ln -s /etc/passwd -- -
> echo root | sed -i --follow-symlinks s/root/parrot/ -
>
> Signed-off-by: Stanislav Brabec <address@hidden>
> ---
> doc/sed-in.texi | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/doc/sed-in.texi b/doc/sed-in.texi
> index 0e10cde..c8f1289 100644
> --- a/doc/sed-in.texi
> +++ b/doc/sed-in.texi
> @@ -180,6 +180,7 @@ sed OPTIONS... [SCRIPT] [INPUTFILE...]
> @end example
>
> If you do not specify @var{INPUTFILE}, or if @var{INPUTFILE} is @file{-},
> +and @option{-i} is not used,
> @command{sed} filters the contents of the standard input. The @var{script}
> is actually the first non-option parameter, which @command{sed} specially
> considers a script and not an input file if (and only if) none of the
Thank you for the patch.
However, rather than documenting this surprising behavior,
I propose to remove the anomaly altogether with the attached patch.
Does anyone see a reason to retain the behavior of treating "-"
like "./-"?
0001-sed-i-do-not-treat-as-a-file-name.patch
Description: Binary data