Critical Rust flaw enables Windows command injection attacks - eviltoast
  • Gobbel2000@programming.dev · ↑ 3 · 7 months ago

    I won’t argue with you that bash is janky and easily insecure, but what shell language do you think should replace bash?

      • Gobbel2000@programming.dev · ↑ 7 · 7 months ago

        While there certainly is some overlap, Python is a scripting language and not a shell language. Some tasks that involve calling lots of different programs and juggling input and output streams are much easier done in bash than in Python.

        • maiskanzler@feddit.de · ↑ 2 · 7 months ago

          Absolutely true, it was more of a joke because Python is being used for pretty much anything today. I really don’t want to mess with correct indentation in my terminal.

    • BatmanAoD@programming.dev · ↑ 1 · 7 months ago

      The only semi-realistic way I can see Bash becoming mostly obsolete is with a tool that provides automated migration of large scripts, and the only project I know of that’s even attempting that is Oil: https://www.oilshell.org/

      But for spawning a command in a subprocess, there really ought to be a standard OS API that doesn’t involve invoking a shell at all. I expect that most or all implementations of posix_spawn and execve don’t invoke a shell, but the standard call to start a process on Windows, CreateProcess, apparently does involve cmd.exe for some bizarre reason, and that’s why this is a problem in the first place.
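
The difference the comment above points at (handing arguments to a process directly versus routing them through a shell), as an added example that is not part of the original thread. It assumes a Unix-like system with `sh` and `echo` on the PATH; the function names and the sample input are constructed for illustration.

```rust
use std::process::Command;

/// Risky pattern: the untrusted value is pasted into a string that a shell
/// then parses, so shell metacharacters in it are interpreted.
fn via_shell(untrusted: &str) -> String {
    let out = Command::new("sh")
        .arg("-c")
        .arg(format!("echo {}", untrusted))
        .output()
        .expect("failed to run sh");
    String::from_utf8_lossy(&out.stdout).into_owned()
}

/// Safer pattern: the value is a single argv element handed straight to the
/// program. No shell parses it, so it stays literal data.
fn direct_argv(untrusted: &str) -> String {
    let out = Command::new("echo")
        .arg(untrusted)
        .output()
        .expect("failed to run echo");
    String::from_utf8_lossy(&out.stdout).into_owned()
}

fn main() {
    // Constructed sample input standing in for attacker-influenced data.
    let input = "report.txt; echo INJECTED";
    println!("via shell:\n{}", via_shell(input));
    println!("direct argv:\n{}", direct_argv(input));
}
```

In the first function the `;` ends the intended command and the rest runs as a second one; in the second the whole string is printed back as one argument.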

    • UnfortunateShort@lemmy.world · ↑ 1 · ↓ 2 · 7 months ago

      I think fish is simply fantastic. Not only is it significantly more readable than most other shell languages, it was also recently rewritten in Rust (still in testing I think), which gives me a lot of confidence when it comes to your typical vulnerabilities.

      I mean sure, a Rust vulnerability is the reason we’re talking, but let’s not forget how valuable memory and thread safety are.