Re: [htdig3-dev] Re: ExternalTransport and shell escaping

Subject: Re: [htdig3-dev] Re: ExternalTransport and shell escaping
From: Geoff Hutchison (
Date: Mon Feb 14 2000 - 13:40:09 PST

On Mon, 14 Feb 2000, Gilles Detillieux wrote:

> > Evidently, we'd need to escape shell meta-characters because they have
> > higher priority than the quotes.
> No, that's not right. Either Jonathan is mistaken, or he has a buggy shell
> or popen() on his system. An ampersand inside double quotes is NOT supposed
> to be interpreted by the shell! It would be a good idea to backslash-escape
> certain meta characters that do have special meaning within double quotes,
> but these are limited to `, $, !, and of course " itself.

That's what I thought too, but since I'm an experimentalist, I tried this
from my bash prompt: https "" /etc/htdig/htdig.conf

I was fairly sure that the ampersand was NOT supposed to be interpreted,
but in any case, I didn't have the privs to remove htdig.conf. I got an
error message back from rm. Try it! It might be a bug in bash, but it's a
bit irrelevant--we have to work around it.

> arguments from his script to other programs. Or maybe there's a bug on
> his system. I had tested the external parser quoting fix on my system,
> and it worked.

I dunno. Try the test above from your bash prompt and let me know. I'd say
if *I* can do it reproducibly, then there's some version of bash with this
bug and we need to worry about it from a security standpoint.


To unsubscribe from the htdig3-dev mailing list, send a message to
You will receive a message to confirm this.

This archive was generated by hypermail 2b28 : Mon Feb 14 2000 - 13:43:09 PST