[debbugs-tracker] bug#20796: closed ([PATCH] Document behavior of sed -i -)

[GNU bug Tracking System]

Your message dated Tue, 23 Jun 2015 09:11:10 -0700
with message-id <address@hidden>
and subject line Re: bug#20796: [PATCH] Document behavior of sed -i -
has caused the debbugs.gnu.org bug report #20796,
regarding [PATCH] Document behavior of sed -i -
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
20796: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=20796
GNU Bug Tracking System
Contact address@hidden with problems
> --- Begin Message ---
>
>
>
> Subject: 
>
> [PATCH] Document behavior of sed -i -
>
>
>
>
> Date: 
>
> Fri, 12 Jun 2015 17:32:50 +0200
>
>
>
>
> User-agent: 
>
> Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
>
>
>
>
> "sed -i -" does not fail, but it also does not do what one would expect.
> Document it, as it could have security implications:
>
> Example:
> The sed command below looks broken, but it is executed and succeeds:
>
> ln -s /etc/passwd -- -
> echo root | sed -i --follow-symlinks s/root/parrot/ -
>
> Signed-off-by: Stanislav Brabec <address@hidden>
> ---
>  doc/sed-in.texi | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/doc/sed-in.texi b/doc/sed-in.texi
> index 0e10cde..c8f1289 100644
> --- a/doc/sed-in.texi
> +++ b/doc/sed-in.texi
> @@ -180,6 +180,7 @@ sed OPTIONS... [SCRIPT] [INPUTFILE...]
>  @end example
>  
>  If you do not specify @var{INPUTFILE}, or if @var{INPUTFILE} is @file{-},
> +and @option{-i} is not used,
>  @command{sed} filters the contents of the standard input.  The @var{script}
>  is actually the first non-option parameter, which @command{sed} specially
>  considers a script and not an input file if (and only if) none of the
> -- 
> 2.4.2
>
> -- 
> Best Regards / S pozdravem,
>
> Stanislav Brabec
> software developer
> ---------------------------------------------------------------------
> SUSE LINUX, s. r. o.                         e-mail: address@hidden
> Lihovarská 1060/12                            tel: +49 911 7405384547
> 190 00 Praha 9                                 fax:  +420 284 084 001
> Czech Republic                                    http://www.suse.cz/
> PGP: 830B 40D5 9E05 35D8 5E27 6FA3 717C 209F A04F CD76
>
>
>
> --- End Message ---
> --- Begin Message ---
>
>
>
> Subject: 
>
> Re: bug#20796: [PATCH] Document behavior of sed -i -
>
>
>
>
> Date: 
>
> Tue, 23 Jun 2015 09:11:10 -0700
>
>
>
>
> On Mon, Jun 22, 2015 at 7:06 AM, Jim Meyering <address@hidden> wrote:
> > On Mon, Jun 22, 2015 at 6:43 AM, Stanislav Brabec <address@hidden> wrote:
> >> Jim Meyering wrote:
> >>
> >>> However, rather than documenting this surprising behavior,
> >>> I propose to remove the anomaly altogether with the attached patch.
> >>> Does anyone see a reason to retain the behavior of treating "-"
> >>> like "./-"?
> >>>
> >> The reason is simple: "sed -i" makes no sense on stdin, so the special
> >> handling od "-" is disabled.
> >>
> >> We can either ignore "-i" for stdin, or report error:
> >> "Editing standard input in place is an undefined operation."
> >
> > Ignoring a fundamental user-specified option like -i is not an option,
> > so I chose the latter: to make this nonsensical usage evoke
> > a diagnostic:
> >
> >   $ sed -i s/a/b/ -
> >   sed: couldn't edit -: is a terminal
> >
> > I chose to use the same diagnostic that was already printed for
> > a case like "sed -i s/a/b/ /dev/stdin".  It feels slightly better to
> > include the name of the offending device.
>
> I've pushed that change.
>
>
> --- End Message ---