Bug or unwanted behaviour in echo ?
Damien Fleuriot
dam at c-mal.com
Thu Jan 8 05:05:58 PST 2009
Hello list,
First of all, my apologies if this issue was already raised and
discussed, I haven't found it so far.
I was toying around with a site that proposed to hash passwords to
MD5, and comparing results with my host running FreeBSD 7.0-STABLE
At some point I didn't get the same hash from the website and from BSD.
On BSD:
echo -n "test'$@" | md5
5c28a8c6d799d302f3ef53afefdfc81b
On website:
f883cdacbb478c241c51da1f67fbe9bf
After swapping characters around I realized that echo just interprets
$@ (which in our case is null).
So I tried escaping the @ which didn't work:
echo -n "test'$\@" | md5
cff4781da603112b5a271891c7c9cc47
Escaping the $ did work however:
echo -n "test'\$@" | md5
f883cdacbb478c241c51da1f67fbe9bf
I can not think of a concrete example at the moment, but I can imagine
a program creating a hash and inadvertently feeding md5 a string
containing $? , $@ , $# or $1 for example.
This could lead to unwanted results.
Anyone knows if this behaviour is intended ?
It sure confused me here.
Perhaps a switch should be added to tell echo to not parse the $variables ?
Or perhaps it should be the natural behaviour to not parse them, and
only do it if -e was given ?
Regards,
More information about the freebsd-current
mailing list