From c0966f6327d1868647d015629afd53b59bcb8dc0 Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Sun, 4 Oct 2020 17:07:24 +0000 Subject: doc: fix URLs --- doc/dieshdiedie.html | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'doc/dieshdiedie.html') diff --git a/doc/dieshdiedie.html b/doc/dieshdiedie.html index 9dd2313..75e660f 100644 --- a/doc/dieshdiedie.html +++ b/doc/dieshdiedie.html @@ -26,7 +26,7 @@ One of the most frequent sources of security problems in programs is parsing. Parsing is a complex operation, and it is easy to make mistakes while designing and implementing a parser. (See -what Dan Bernstein says +what Dan Bernstein says on the subject, section 5.)

@@ -34,12 +34,12 @@ on the subject, section 5.) But shells parse all the time. Worse, the essence of the shell is parsing: the parser and the runner are intimately interleaved and cannot be clearly separated, thanks to the -specification. +specification. The shell performs several kinds of expansions, automatic filename globbing, and automatic word splitting, in an unintuitive order, requiring users to memorize numerous arbitrary quoting rules in order to achieve what they want. Pages -abound +abound where common mistakes are listed, more often than not leading to security holes. Did you know that "$@" is a special case of double quoting, because it will split the arguments into @@ -80,7 +80,7 @@ cannot be used safely with the normalized options, because most shells come with a builtin test that does not respect the specification to the letter. And let's not get started about echo, which has its own set of problems. Rich Felker has -a page listing tricks +a page listing tricks to use to write portable shell scripts. Writing a portable script should not be that hard.

@@ -128,7 +128,7 @@ you will find with execline, and it is common to every script language.

The real solution to this portability problem is a convention that guarantees fixed absolute paths for executables, which the FHS does not do. -The slashpackage convention is +The slashpackage convention is such an initiative, and is well-designed; but as with every convention, it only works if everyone follows it, and unfortunately, slashpackage has not @@ -143,7 +143,7 @@ can be configured to follow the slashpackage convention. I originally wanted a shell that could be used on an embedded system. Even the ash shell seemed big, so I thought of writing my own. Hence I had a look at the -sh +sh specification... and ran away screaming. This specification is insane. It goes against every good programming @@ -155,7 +155,7 @@ to wannabe sh implementors. POSIX cannot really be blamed for that: it only normalizes existing, historical behaviour. One can argue whether it is a good idea to normalize atrocious behaviour for historical reasons, as is the case with the infamous -gets +gets function, but this is the way it is.
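Review bot: the commit message "doc: fix URLs" has no body, yet the patch changes seven links across six hunks (the "what Dan Bernstein says" reference, "specification", "abound", "a page listing tricks", "The slashpackage convention", "sh" and "gets") without saying what was wrong with the old targets or what kind of fix was applied (scheme, host or path). Please add a line or two stating that, and confirm that each new target resolves to the intended page, since several of these links are the only support for claims in the text, such as "more often than not leading to security holes" in the -34,12 hunk. As shown here, the removed and added lines read identically because only the link text is visible, so the new targets cannot be checked against the old ones from this diff.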

-- cgit v1.2.3