[tex-k] Brace expansion question

Tomas Rokicki rokicki at gmail.com
Mon Oct 23 01:05:18 CEST 2017


Interesting!  I'd say it *could* matter, but probably only in odd
circumstances.

It also introduces yet another shell attack; something like the following
locks
up bash pretty hard, with no response to control-C or control-Z or other
control characters:

   echo
{a,b,c}{a,b,c}{a,b,c}{a,b,c}{a,b,c}{a,b,c}{a,b,c}{a,b,c}{a,b,c}{a,b,c}{a,b,c}{a,b,c}{a,b,c}{a,b,c}{a,b,c}{a,b,c}{a,b,c}{a,b,c}{a,b,c}{a,b,c}



On Sun, Oct 22, 2017 at 3:03 PM, Douglas McKenna <doug at mathemaesthetics.com>
wrote:

> All -
>
> The kpathsea library performs various shell-style expansions.  One of them
> is brace expansion, typically accomplished first before other types of
> expansion (like tilde and environment variables).  This is accomplished
> recursively with several routines in the library's "expand.c" source file,
> in particular a routine called … brace_expand().
>
> To understand how this works, I was trying some test cases and comparing
> them against the results I get from the shell on my MacOS computer, and
> after several successes I found a discrepancy.
>
> In the shell that my MacOS terminal app runs (bash, I think), if I issue
> the command
>   echo a{b,c}de{f,g}hi
> the result is
>   abdefhi abdeghi acdefhi acdeghi
>
> Whereas, the list of expanded strings returned by brace_expand() for the
> same input string is
>  [0]: "abdefhi"
>  [1]: "acdefhi"
>  [2]: "abdeghi"
>  [3]: "acdeghi"
>
> It's the same set of expansion strings, but in a different order.  In one
> case expansion appears distributed left-to-right, and in the other,
> right-to-left.  This web page for bash says expansion should proceed left
> to right:
>
> <https://www.gnu.org/software/bash/manual/html_node/Brace-Expansion.html>
>
> Does this represent an incompatibility worthy of understanding/fixing?
> Does it matter that kpathsea is doing things differently?  Presumably,
> kpathsea can't change, because this could affect the order of path
> resolutions of various kinds.
>
> Or am I missing something?
>
> TIA,
>
> Doug McKenna
> Mathemaesthetics, Inc.
>
>
>
>
>


-- 
--  http://cube20.org/  --  http://golly.sf.net/  --
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tug.org/pipermail/tex-k/attachments/20171022/a0582a31/attachment.html>


More information about the tex-k mailing list