GNU bug report logs -
#20796
[PATCH] Document behavior of sed -i -
Previous Next
Reported by: Stanislav Brabec <sbrabec <at> suse.com>
Date: Fri, 12 Jun 2015 15:34:02 UTC
Severity: normal
Tags: patch
Done: Jim Meyering <jim <at> meyering.net>
Bug is archived. No further changes may be made.
Full log
Message #8 received at 20796 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Fri, Jun 12, 2015 at 8:32 AM, Stanislav Brabec <sbrabec <at> suse.com> wrote:
> "sed -i -" does not fail, but it also does not do what one would expect.
> Document it, as it could have security implications:
>
> Example:
> The sed command below looks broken, but it is executed and succeeds:
>
> ln -s /etc/passwd -- -
> echo root | sed -i --follow-symlinks s/root/parrot/ -
>
> Signed-off-by: Stanislav Brabec <sbrabec <at> suse.cz>
> ---
> doc/sed-in.texi | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/doc/sed-in.texi b/doc/sed-in.texi
> index 0e10cde..c8f1289 100644
> --- a/doc/sed-in.texi
> +++ b/doc/sed-in.texi
> @@ -180,6 +180,7 @@ sed OPTIONS... [SCRIPT] [INPUTFILE...]
> @end example
>
> If you do not specify @var{INPUTFILE}, or if @var{INPUTFILE} is @file{-},
> +and @option{-i} is not used,
> @command{sed} filters the contents of the standard input. The @var{script}
> is actually the first non-option parameter, which @command{sed} specially
> considers a script and not an input file if (and only if) none of the
Thank you for the patch.
However, rather than documenting this surprising behavior,
I propose to remove the anomaly altogether with the attached patch.
Does anyone see a reason to retain the behavior of treating "-"
like "./-"?
[0001-sed-i-do-not-treat-as-a-file-name.patch (application/octet-stream, attachment)]
This bug report was last modified 9 years and 334 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.