GNU bug report logs - #21249
"sed -i '...' -" in git head

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Stephane Chazelas <stephane.chazelas <at> gmail.com>
Subject: bug#21249: closed (Re: bug#21249: "sed -i '...' -" in git head)
Date: Sun, 03 Jan 2016 18:55:01 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#21249: "sed -i '...' -" in git head

which was filed against the sed package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 21249 <at> debbugs.gnu.org.

-- 
21249: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=21249
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Jim Meyering <jim <at> meyering.net>
To: Stephane Chazelas <stephane.chazelas <at> gmail.com>
Cc: 21249-done <at> debbugs.gnu.org
Subject: Re: bug#21249: "sed -i '...' -" in git head
Date: Sun, 3 Jan 2016 10:53:52 -0800

On Sat, Jan 2, 2016 at 7:25 PM, Jim Meyering <jim <at> meyering.net> wrote:
> On Thu, Aug 13, 2015 at 7:15 AM, Stephane Chazelas
> <stephane.chazelas <at> gmail.com> wrote:
>> Hello,
>>
>> about this commit:
>>
>>> commit c033bdee411128dfebfea1974d1ee3c1d9eac572
>>> Author: Jim Meyering <meyering <at> fb.com>
>>> Date:   Sat Jun 20 07:38:49 2015 -0700
>>>
>>>     sed -i: do not treat "-" as a file name
>>
>> the behaviour was aligned with perl's (where that syntax derives
>> from).
>>
>> In perl, perl -pi -e 's/../../' -- *
>>
>> or perl -pi -e 's/../../' -- "$file"
>>
>> is known to be /reliable/ (work regardless of the value of $file
>> (while without -i it's not, see
>> https://unix.stackexchange.com/questions/170013/security-implications-of-running-perl-ne
>> (-, cmd|, <file... are a problem there))
>>
>> That was also /safe/ in sed before that change. Treating "-" as
>> stdin with -i doesn't make sense as it doesn't make sense to
>> edit stdin "in-place".
>>
>> Now that means it breaks scripts that do:
>> sed -i '...' -- "$file"
>> expecting it modify $file regardless of the name of $file. Now,
>> one has to do:
>>
>> case $file in
>>  -) file=./-
>> esac
>> sed -i '...' -- "$file"
>>
>> for no good reason.
>>
>> IMO, that change only has negative consequences.
>
> Thank you for the report and good argument.
> I plan to revert that change with the attached patch:

Pushed.

[Message part 3 (message/rfc822, inline)]

From: Stephane Chazelas <stephane.chazelas <at> gmail.com>
To: bug-sed <at> gnu.org, Jim Meyering <meyering <at> fb.com>
Subject: "sed -i '...' -" in git head
Date: Thu, 13 Aug 2015 15:15:26 +0100

Hello,

about this commit:

> commit c033bdee411128dfebfea1974d1ee3c1d9eac572
> Author: Jim Meyering <meyering <at> fb.com>
> Date:   Sat Jun 20 07:38:49 2015 -0700
> 
>     sed -i: do not treat "-" as a file name

the behaviour was aligned with perl's (where that syntax derives
from).

In perl, perl -pi -e 's/../../' -- *

or perl -pi -e 's/../../' -- "$file"

is known to be /reliable/ (work regardless of the value of $file
(while without -i it's not, see
https://unix.stackexchange.com/questions/170013/security-implications-of-running-perl-ne
(-, cmd|, <file... are a problem there))

That was also /safe/ in sed before that change. Treating "-" as
stdin with -i doesn't make sense as it doesn't make sense to
edit stdin "in-place".

Now that means it breaks scripts that do:
sed -i '...' -- "$file"
expecting it modify $file regardless of the name of $file. Now,
one has to do:

case $file in
 -) file=./-
esac
sed -i '...' -- "$file"

for no good reason.

IMO, that change only has negative consequences.

just my 2 cents.

-- 
Stephane

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.