Security Implications of using unsanitized data in Shell Arithmetic evaluation












17















In a comment to a recent question, Stéphane Chazelas
mentions that there are security implications to double parentheses arithmetic such as:



x=$((1-$x))


on most shells.



My Google skills seem to be rusty and I can't find anything. What are the security implications of double parentheses arithmetic?






shell security arithmetic







share|improve this question





























    17















    In a comment to a recent question, Stéphane Chazelas
    mentions that there are security implications to double parentheses arithmetic such as:



    x=$((1-$x))


    on most shells.



    My Google skills seem to be rusty and I can't find anything. What are the security implications of double parentheses arithmetic?






    shell security arithmetic







    share|improve this question



























      17












      17








      17


      5






      In a comment to a recent question, Stéphane Chazelas
      mentions that there are security implications to double parentheses arithmetic such as:



      x=$((1-$x))


      on most shells.



      My Google skills seem to be rusty and I can't find anything. What are the security implications of double parentheses arithmetic?






      shell security arithmetic







      share|improve this question
















      In a comment to a recent question, Stéphane Chazelas
      mentions that there are security implications to double parentheses arithmetic such as:



      x=$((1-$x))


      on most shells.



      My Google skills seem to be rusty and I can't find anything. What are the security implications of double parentheses arithmetic?






      shell security arithmetic




      shell security arithmetic






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Apr 13 '17 at 12:36









      Community

      1




      1










      asked Dec 8 '14 at 12:57









      garethTheRedgarethTheRed

      24.2k36180




      24.2k36180






















          1 Answer
          1






          active

          oldest

          votes


















          20














          The problem is in cases where the content of $x has not been sanitized and contains data that could potentially be under the control of an attacker in cases that shell code may end up being used in a privilege escalation context (for instance a script invoked by a setuid application, a sudoers script or used to process off-the-network data (CGI, DHCP hook...) directly or indirectly).



          If:



          x='(PATH=2)'


          Then:



          x=$((1-$x)))


          has the side effect of setting PATH to 2 (a relative path that could very well be under control of the attacker). You can replace PATH with LD_LIBRARY_PATH or IFS... The same happens with x=$((1-x)) in bash, zsh or ksh (not dash nor yash which only accept numerical constants in variables there).



          Note that:



          x=$((1-$x))


          won't work properly for negative values of $x in some shells that implement the (optional as per POSIX) -- (decrement) operator (as with x=-1, that means asking the shell to evaluate the 1--1 arithmetic expression). "$((1-x))" doesn't have the problem as x is expanded as part of (not before) the arithmetic evaluation.



          In bash, zsh and ksh (not dash or yash), if x is:



          x='a[0$(uname>&2)]'


          Then the expansion of $((1-$x)) or $((1-x)) causes that uname command to be executed (for zsh, a needs to be an array variable, but one can use psvar for instance for that).



          In summary, one shouldn't use uninitialised or non-sanitized external data in arithmetic expressions in shells (note that arithmetic evaluation can be done by $((...)) (aka $[...] in bash or zsh) but also depending on the shell in the let, [/test, declare/typeset/export..., return, break, continue, exit, printf, print builtins, array indices, ((..)) and [[...]] constructs to name a few).



          To check that a variable contains a literal decimal integer number, you can use POSIXly:



          case $var in
          
  ("" | - | *[!0123456789-]* | ?*-*) echo >&2 not a valid number; exit 1;;
          
esac


          Beware that [0-9] in some locales matches more than 0123456789. [[:digit:]] should be OK but I wouldn't bet on it.



          Also remember that numbers with leading zeros are treated as octal in some contexts (010 is sometimes 10, sometimes 8) and beware that the check above will let through numbers that are potentially bigger than the maximum integer supported by your system (or whatever application you will use that integer in; bash for instance treats 18446744073709551616 as 0 as that's 264). So you might want to add extra checks in that case statement above like:



          (0?* | -0?*)
          
  echo >&2 'Only decimal numbers without leading 0 accepted'; exit 1;;
          
(-??????????* | [!-]?????????*)
          
  echo >&2 'Only numbers from -999999999 to 999999999 supported'; exit 1;;


          Examples:



          $ export 'x=psvar[0$(uname>&2)]'
          
$ ksh93 -c 'echo "$((x))"'
          
Linux
          
ksh93: psvar: parameter not set
          
$ ksh93 -c '[ x -lt 2 ]'
          
Linux
          
ksh93: [: psvar: parameter not set
          
$ bash -c 'echo "$((x))"'
          
Linux
          
0
          
$ bash -c '[[ $x -lt 2 ]]'
          
Linux
          
$ bash -c 'typeset -i a; export a="$x"'
          
Linux
          
$ bash -c 'typeset -a a=([x]=1)'
          
Linux
          
$ bash -c '[ -v "$x" ]'
          
Linux
          
$ mksh -c '[[ $x -lt 2 ]]'
          
Linux
          
$ zsh -c 'echo "$((x))"'
          
Linux
          
0
          
$ zsh -c 'printf %d $x'
          
Linux
          
0
          
$ zsh -c 'integer x'
          
Linux
          
$ zsh -c 'exit $x'
          
Linux


          More reading at:





          • http://www.zsh.org/mla/workers/2014/msg01041.html (where Oliver Kiddle brought the x[0$(...)] issue to our attention).

          • http://thread.gmane.org/gmane.comp.standards.posix.austin.general/9971


          • http://thread.gmane.org/gmane.comp.shells.bash.bugs/22737 for another mis-design potentially leading to code injection in bash.


          • Security implications of forgetting to quote a variable in bash/POSIX shells where that and leaving a variable unquoted can aggravate each other.






          share|improve this answer


























          • x='P=3'; : $(($x + 5)) will set P to 8, but x='P=3'; : $((x + 5)) will set P to 3 (in zsh, ksh or bash). "The same happens with $((x + 1)) ..." is not correct now; it will set PATH to 2, as of old.

            – mosvy
            Jan 9 at 22:51











          • @mosvy, right thanks (and for your earlier edit). Corrected now.

            – Stéphane Chazelas
            Jan 9 at 23:26











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "106"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f172103%2fsecurity-implications-of-using-unsanitized-data-in-shell-arithmetic-evaluation%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          20














          The problem is in cases where the content of $x has not been sanitized and contains data that could potentially be under the control of an attacker in cases that shell code may end up being used in a privilege escalation context (for instance a script invoked by a setuid application, a sudoers script or used to process off-the-network data (CGI, DHCP hook...) directly or indirectly).



          If:



          x='(PATH=2)'


          Then:



          x=$((1-$x)))


          has the side effect of setting PATH to 2 (a relative path that could very well be under control of the attacker). You can replace PATH with LD_LIBRARY_PATH or IFS... The same happens with x=$((1-x)) in bash, zsh or ksh (not dash nor yash which only accept numerical constants in variables there).



          Note that:



          x=$((1-$x))


          won't work properly for negative values of $x in some shells that implement the (optional as per POSIX) -- (decrement) operator (as with x=-1, that means asking the shell to evaluate the 1--1 arithmetic expression). "$((1-x))" doesn't have the problem as x is expanded as part of (not before) the arithmetic evaluation.



          In bash, zsh and ksh (not dash or yash), if x is:



          x='a[0$(uname>&2)]'


          Then the expansion of $((1-$x)) or $((1-x)) causes that uname command to be executed (for zsh, a needs to be an array variable, but one can use psvar for instance for that).



          In summary, one shouldn't use uninitialised or non-sanitized external data in arithmetic expressions in shells (note that arithmetic evaluation can be done by $((...)) (aka $[...] in bash or zsh) but also depending on the shell in the let, [/test, declare/typeset/export..., return, break, continue, exit, printf, print builtins, array indices, ((..)) and [[...]] constructs to name a few).



          To check that a variable contains a literal decimal integer number, you can use POSIXly:



          case $var in
          
  ("" | - | *[!0123456789-]* | ?*-*) echo >&2 not a valid number; exit 1;;
          
esac


          Beware that [0-9] in some locales matches more than 0123456789. [[:digit:]] should be OK but I wouldn't bet on it.



          Also remember that numbers with leading zeros are treated as octal in some contexts (010 is sometimes 10, sometimes 8) and beware that the check above will let through numbers that are potentially bigger than the maximum integer supported by your system (or whatever application you will use that integer in; bash for instance treats 18446744073709551616 as 0 as that's 264). So you might want to add extra checks in that case statement above like:



          (0?* | -0?*)
          
  echo >&2 'Only decimal numbers without leading 0 accepted'; exit 1;;
          
(-??????????* | [!-]?????????*)
          
  echo >&2 'Only numbers from -999999999 to 999999999 supported'; exit 1;;


          Examples:



          $ export 'x=psvar[0$(uname>&2)]'
          
$ ksh93 -c 'echo "$((x))"'
          
Linux
          
ksh93: psvar: parameter not set
          
$ ksh93 -c '[ x -lt 2 ]'
          
Linux
          
ksh93: [: psvar: parameter not set
          
$ bash -c 'echo "$((x))"'
          
Linux
          
0
          
$ bash -c '[[ $x -lt 2 ]]'
          
Linux
          
$ bash -c 'typeset -i a; export a="$x"'
          
Linux
          
$ bash -c 'typeset -a a=([x]=1)'
          
Linux
          
$ bash -c '[ -v "$x" ]'
          
Linux
          
$ mksh -c '[[ $x -lt 2 ]]'
          
Linux
          
$ zsh -c 'echo "$((x))"'
          
Linux
          
0
          
$ zsh -c 'printf %d $x'
          
Linux
          
0
          
$ zsh -c 'integer x'
          
Linux
          
$ zsh -c 'exit $x'
          
Linux


          More reading at:





          • http://www.zsh.org/mla/workers/2014/msg01041.html (where Oliver Kiddle brought the x[0$(...)] issue to our attention).

          • http://thread.gmane.org/gmane.comp.standards.posix.austin.general/9971


          • http://thread.gmane.org/gmane.comp.shells.bash.bugs/22737 for another mis-design potentially leading to code injection in bash.


          • Security implications of forgetting to quote a variable in bash/POSIX shells where that and leaving a variable unquoted can aggravate each other.






          share|improve this answer


























          • x='P=3'; : $(($x + 5)) will set P to 8, but x='P=3'; : $((x + 5)) will set P to 3 (in zsh, ksh or bash). "The same happens with $((x + 1)) ..." is not correct now; it will set PATH to 2, as of old.

            – mosvy
            Jan 9 at 22:51











          • @mosvy, right thanks (and for your earlier edit). Corrected now.

            – Stéphane Chazelas
            Jan 9 at 23:26
















          20














          The problem is in cases where the content of $x has not been sanitized and contains data that could potentially be under the control of an attacker in cases that shell code may end up being used in a privilege escalation context (for instance a script invoked by a setuid application, a sudoers script or used to process off-the-network data (CGI, DHCP hook...) directly or indirectly).



          If:



          x='(PATH=2)'


          Then:



          x=$((1-$x)))


          has the side effect of setting PATH to 2 (a relative path that could very well be under control of the attacker). You can replace PATH with LD_LIBRARY_PATH or IFS... The same happens with x=$((1-x)) in bash, zsh or ksh (not dash nor yash which only accept numerical constants in variables there).



          Note that:



          x=$((1-$x))


          won't work properly for negative values of $x in some shells that implement the (optional as per POSIX) -- (decrement) operator (as with x=-1, that means asking the shell to evaluate the 1--1 arithmetic expression). "$((1-x))" doesn't have the problem as x is expanded as part of (not before) the arithmetic evaluation.



          In bash, zsh and ksh (not dash or yash), if x is:



          x='a[0$(uname>&2)]'


          Then the expansion of $((1-$x)) or $((1-x)) causes that uname command to be executed (for zsh, a needs to be an array variable, but one can use psvar for instance for that).



          In summary, one shouldn't use uninitialised or non-sanitized external data in arithmetic expressions in shells (note that arithmetic evaluation can be done by $((...)) (aka $[...] in bash or zsh) but also depending on the shell in the let, [/test, declare/typeset/export..., return, break, continue, exit, printf, print builtins, array indices, ((..)) and [[...]] constructs to name a few).



          To check that a variable contains a literal decimal integer number, you can use POSIXly:



          case $var in
          
  ("" | - | *[!0123456789-]* | ?*-*) echo >&2 not a valid number; exit 1;;
          
esac


          Beware that [0-9] in some locales matches more than 0123456789. [[:digit:]] should be OK but I wouldn't bet on it.



          Also remember that numbers with leading zeros are treated as octal in some contexts (010 is sometimes 10, sometimes 8) and beware that the check above will let through numbers that are potentially bigger than the maximum integer supported by your system (or whatever application you will use that integer in; bash for instance treats 18446744073709551616 as 0 as that's 264). So you might want to add extra checks in that case statement above like:



          (0?* | -0?*)
          
  echo >&2 'Only decimal numbers without leading 0 accepted'; exit 1;;
          
(-??????????* | [!-]?????????*)
          
  echo >&2 'Only numbers from -999999999 to 999999999 supported'; exit 1;;


          Examples:



          $ export 'x=psvar[0$(uname>&2)]'
          
$ ksh93 -c 'echo "$((x))"'
          
Linux
          
ksh93: psvar: parameter not set
          
$ ksh93 -c '[ x -lt 2 ]'
          
Linux
          
ksh93: [: psvar: parameter not set
          
$ bash -c 'echo "$((x))"'
          
Linux
          
0
          
$ bash -c '[[ $x -lt 2 ]]'
          
Linux
          
$ bash -c 'typeset -i a; export a="$x"'
          
Linux
          
$ bash -c 'typeset -a a=([x]=1)'
          
Linux
          
$ bash -c '[ -v "$x" ]'
          
Linux
          
$ mksh -c '[[ $x -lt 2 ]]'
          
Linux
          
$ zsh -c 'echo "$((x))"'
          
Linux
          
0
          
$ zsh -c 'printf %d $x'
          
Linux
          
0
          
$ zsh -c 'integer x'
          
Linux
          
$ zsh -c 'exit $x'
          
Linux


          More reading at:





          • http://www.zsh.org/mla/workers/2014/msg01041.html (where Oliver Kiddle brought the x[0$(...)] issue to our attention).

          • http://thread.gmane.org/gmane.comp.standards.posix.austin.general/9971


          • http://thread.gmane.org/gmane.comp.shells.bash.bugs/22737 for another mis-design potentially leading to code injection in bash.


          • Security implications of forgetting to quote a variable in bash/POSIX shells where that and leaving a variable unquoted can aggravate each other.






          share|improve this answer


























          • x='P=3'; : $(($x + 5)) will set P to 8, but x='P=3'; : $((x + 5)) will set P to 3 (in zsh, ksh or bash). "The same happens with $((x + 1)) ..." is not correct now; it will set PATH to 2, as of old.

            – mosvy
            Jan 9 at 22:51











          • @mosvy, right thanks (and for your earlier edit). Corrected now.

            – Stéphane Chazelas
            Jan 9 at 23:26














          20












          20








          20







          The problem is in cases where the content of $x has not been sanitized and contains data that could potentially be under the control of an attacker in cases that shell code may end up being used in a privilege escalation context (for instance a script invoked by a setuid application, a sudoers script or used to process off-the-network data (CGI, DHCP hook...) directly or indirectly).



          If:



          x='(PATH=2)'


          Then:



          x=$((1-$x)))


          has the side effect of setting PATH to 2 (a relative path that could very well be under control of the attacker). You can replace PATH with LD_LIBRARY_PATH or IFS... The same happens with x=$((1-x)) in bash, zsh or ksh (not dash nor yash which only accept numerical constants in variables there).



          Note that:



          x=$((1-$x))


          won't work properly for negative values of $x in some shells that implement the (optional as per POSIX) -- (decrement) operator (as with x=-1, that means asking the shell to evaluate the 1--1 arithmetic expression). "$((1-x))" doesn't have the problem as x is expanded as part of (not before) the arithmetic evaluation.



          In bash, zsh and ksh (not dash or yash), if x is:



          x='a[0$(uname>&2)]'


          Then the expansion of $((1-$x)) or $((1-x)) causes that uname command to be executed (for zsh, a needs to be an array variable, but one can use psvar for instance for that).



          In summary, one shouldn't use uninitialised or non-sanitized external data in arithmetic expressions in shells (note that arithmetic evaluation can be done by $((...)) (aka $[...] in bash or zsh) but also depending on the shell in the let, [/test, declare/typeset/export..., return, break, continue, exit, printf, print builtins, array indices, ((..)) and [[...]] constructs to name a few).



          To check that a variable contains a literal decimal integer number, you can use POSIXly:



          case $var in
          
  ("" | - | *[!0123456789-]* | ?*-*) echo >&2 not a valid number; exit 1;;
          
esac


          Beware that [0-9] in some locales matches more than 0123456789. [[:digit:]] should be OK but I wouldn't bet on it.



          Also remember that numbers with leading zeros are treated as octal in some contexts (010 is sometimes 10, sometimes 8) and beware that the check above will let through numbers that are potentially bigger than the maximum integer supported by your system (or whatever application you will use that integer in; bash for instance treats 18446744073709551616 as 0 as that's 264). So you might want to add extra checks in that case statement above like:



          (0?* | -0?*)
          
  echo >&2 'Only decimal numbers without leading 0 accepted'; exit 1;;
          
(-??????????* | [!-]?????????*)
          
  echo >&2 'Only numbers from -999999999 to 999999999 supported'; exit 1;;


          Examples:



          $ export 'x=psvar[0$(uname>&2)]'
          
$ ksh93 -c 'echo "$((x))"'
          
Linux
          
ksh93: psvar: parameter not set
          
$ ksh93 -c '[ x -lt 2 ]'
          
Linux
          
ksh93: [: psvar: parameter not set
          
$ bash -c 'echo "$((x))"'
          
Linux
          
0
          
$ bash -c '[[ $x -lt 2 ]]'
          
Linux
          
$ bash -c 'typeset -i a; export a="$x"'
          
Linux
          
$ bash -c 'typeset -a a=([x]=1)'
          
Linux
          
$ bash -c '[ -v "$x" ]'
          
Linux
          
$ mksh -c '[[ $x -lt 2 ]]'
          
Linux
          
$ zsh -c 'echo "$((x))"'
          
Linux
          
0
          
$ zsh -c 'printf %d $x'
          
Linux
          
0
          
$ zsh -c 'integer x'
          
Linux
          
$ zsh -c 'exit $x'
          
Linux


          More reading at:





          • http://www.zsh.org/mla/workers/2014/msg01041.html (where Oliver Kiddle brought the x[0$(...)] issue to our attention).

          • http://thread.gmane.org/gmane.comp.standards.posix.austin.general/9971


          • http://thread.gmane.org/gmane.comp.shells.bash.bugs/22737 for another mis-design potentially leading to code injection in bash.


          • Security implications of forgetting to quote a variable in bash/POSIX shells where that and leaving a variable unquoted can aggravate each other.






          share|improve this answer















          The problem is in cases where the content of $x has not been sanitized and contains data that could potentially be under the control of an attacker in cases that shell code may end up being used in a privilege escalation context (for instance a script invoked by a setuid application, a sudoers script or used to process off-the-network data (CGI, DHCP hook...) directly or indirectly).



          If:



          x='(PATH=2)'


          Then:



          x=$((1-$x)))


          has the side effect of setting PATH to 2 (a relative path that could very well be under control of the attacker). You can replace PATH with LD_LIBRARY_PATH or IFS... The same happens with x=$((1-x)) in bash, zsh or ksh (not dash nor yash which only accept numerical constants in variables there).



          Note that:



          x=$((1-$x))


          won't work properly for negative values of $x in some shells that implement the (optional as per POSIX) -- (decrement) operator (as with x=-1, that means asking the shell to evaluate the 1--1 arithmetic expression). "$((1-x))" doesn't have the problem as x is expanded as part of (not before) the arithmetic evaluation.



          In bash, zsh and ksh (not dash or yash), if x is:



          x='a[0$(uname>&2)]'


          Then the expansion of $((1-$x)) or $((1-x)) causes that uname command to be executed (for zsh, a needs to be an array variable, but one can use psvar for instance for that).



          In summary, one shouldn't use uninitialised or non-sanitized external data in arithmetic expressions in shells (note that arithmetic evaluation can be done by $((...)) (aka $[...] in bash or zsh) but also depending on the shell in the let, [/test, declare/typeset/export..., return, break, continue, exit, printf, print builtins, array indices, ((..)) and [[...]] constructs to name a few).



          To check that a variable contains a literal decimal integer number, you can use POSIXly:



          case $var in
          
  ("" | - | *[!0123456789-]* | ?*-*) echo >&2 not a valid number; exit 1;;
          
esac


          Beware that [0-9] in some locales matches more than 0123456789. [[:digit:]] should be OK but I wouldn't bet on it.



          Also remember that numbers with leading zeros are treated as octal in some contexts (010 is sometimes 10, sometimes 8) and beware that the check above will let through numbers that are potentially bigger than the maximum integer supported by your system (or whatever application you will use that integer in; bash for instance treats 18446744073709551616 as 0 as that's 264). So you might want to add extra checks in that case statement above like:



          (0?* | -0?*)
          
  echo >&2 'Only decimal numbers without leading 0 accepted'; exit 1;;
          
(-??????????* | [!-]?????????*)
          
  echo >&2 'Only numbers from -999999999 to 999999999 supported'; exit 1;;


          Examples:



          $ export 'x=psvar[0$(uname>&2)]'
          
$ ksh93 -c 'echo "$((x))"'
          
Linux
          
ksh93: psvar: parameter not set
          
$ ksh93 -c '[ x -lt 2 ]'
          
Linux
          
ksh93: [: psvar: parameter not set
          
$ bash -c 'echo "$((x))"'
          
Linux
          
0
          
$ bash -c '[[ $x -lt 2 ]]'
          
Linux
          
$ bash -c 'typeset -i a; export a="$x"'
          
Linux
          
$ bash -c 'typeset -a a=([x]=1)'
          
Linux
          
$ bash -c '[ -v "$x" ]'
          
Linux
          
$ mksh -c '[[ $x -lt 2 ]]'
          
Linux
          
$ zsh -c 'echo "$((x))"'
          
Linux
          
0
          
$ zsh -c 'printf %d $x'
          
Linux
          
0
          
$ zsh -c 'integer x'
          
Linux
          
$ zsh -c 'exit $x'
          
Linux


          More reading at:





          • http://www.zsh.org/mla/workers/2014/msg01041.html (where Oliver Kiddle brought the x[0$(...)] issue to our attention).

          • http://thread.gmane.org/gmane.comp.standards.posix.austin.general/9971


          • http://thread.gmane.org/gmane.comp.shells.bash.bugs/22737 for another mis-design potentially leading to code injection in bash.


          • Security implications of forgetting to quote a variable in bash/POSIX shells where that and leaving a variable unquoted can aggravate each other.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited 2 days ago

























          answered Dec 8 '14 at 13:29









          Stéphane ChazelasStéphane Chazelas

          301k55564916




          301k55564916













          • x='P=3'; : $(($x + 5)) will set P to 8, but x='P=3'; : $((x + 5)) will set P to 3 (in zsh, ksh or bash). "The same happens with $((x + 1)) ..." is not correct now; it will set PATH to 2, as of old.

            – mosvy
            Jan 9 at 22:51











          • @mosvy, right thanks (and for your earlier edit). Corrected now.

            – Stéphane Chazelas
            Jan 9 at 23:26



















          • x='P=3'; : $(($x + 5)) will set P to 8, but x='P=3'; : $((x + 5)) will set P to 3 (in zsh, ksh or bash). "The same happens with $((x + 1)) ..." is not correct now; it will set PATH to 2, as of old.

            – mosvy
            Jan 9 at 22:51











          • @mosvy, right thanks (and for your earlier edit). Corrected now.

            – Stéphane Chazelas
            Jan 9 at 23:26

















          x='P=3'; : $(($x + 5)) will set P to 8, but x='P=3'; : $((x + 5)) will set P to 3 (in zsh, ksh or bash). "The same happens with $((x + 1)) ..." is not correct now; it will set PATH to 2, as of old.

          – mosvy
          Jan 9 at 22:51





          x='P=3'; : $(($x + 5)) will set P to 8, but x='P=3'; : $((x + 5)) will set P to 3 (in zsh, ksh or bash). "The same happens with $((x + 1)) ..." is not correct now; it will set PATH to 2, as of old.

          – mosvy
          Jan 9 at 22:51













          @mosvy, right thanks (and for your earlier edit). Corrected now.

          – Stéphane Chazelas
          Jan 9 at 23:26





          @mosvy, right thanks (and for your earlier edit). Corrected now.

          – Stéphane Chazelas
          Jan 9 at 23:26


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Unix & Linux Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f172103%2fsecurity-implications-of-using-unsanitized-data-in-shell-arithmetic-evaluation%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          How to make a Squid Proxy server?

          Image
          1 I want to set up squid proxy server for monitoring user activity in a network and Internet Web URL filtering for user. I also want to configure the user login, user log, user access group, and block unwanted web sites in my network. Please help me and guide me the full process to do this. server proxy squid share | improve this question edited Jul 31 '12 at 14:45 Jorge Castro 37.1k 107 422 617 asked Jul 31 '12 at 5:16 Goivind Tiwari Goivind Tiwari ...
          Read more

          第一次世界大戦

          Image
          この項目「 第一次世界大戦 」は翻訳されたばかりのものです。不自然あるいは曖昧な表現などが含まれる可能性があり、このままでは読みづらいかもしれません。(原文:ドイツ語版&oldid=173272248、英語版&oldid=821659949) 修正、加筆に協力し、現在の表現をより原文に近づけて下さる方を求めています。ノートページや履歴も参照してください。 ( 2018年5月 ) 第一次世界大戦 (だいいちじせかいたいせん、英語: World War I 、略称: WWI )は、1914年7月28日から1918年11月11日にかけて、連合国対中央同盟国の戦闘により繰り広げられた世界大戦である。 第一次世界大戦 上段:西部戦線の戦場 中段左:ドイツ軍のアルバトロス D.III複葉機 中段右:イギリス軍のMk.IV戦車 下段左:ソンムの戦いでのヴィッカース重機関銃と英兵 下段右:ガリポリの戦いで沈む英国戦艦イレジスティブル 戦争 :第一次世界大戦 年月日 :1914年7月28日 - 1918年11月11日 場所 :ヨーロッパ、中東、アフリカ、中国、太平洋 結果 :連合国(協商国)の勝利 交戦勢力 連合国 フランス共和国 イギリス帝国 ロシア帝国 セルビア王国 モンテネグロ王国 ベルギー 大日本帝国 イタリア王国 ルーマニア王国 ポルトガル共和国 アメリカ合衆国 ギリシャ王国 中華民国(北京政府) 他多数 中央同盟国 ドイツ帝国 オーストリア=ハンガリー帝国 オスマン帝国 ブルガリア王国 ほか共同参戦国あり 指導者・指揮官 ジョルジュ・クレマンソー レイモン・ポアンカレ フェルディナン・フォッシュ ジョージ5世 ハーバート・ヘンリー・アスキス ホレイショ・ハーバート・キッチナー デビッド・ロイド・ジョージ ニコライ2世 ペータル1世 ニコラ1世 アルベール1世 大正天皇 大隈重信 寺内正毅 原敬 ヴィットーリオ・エマヌエーレ3世 ヴィットーリオ・オルランド フェルディナンド1世 ウッドロウ・ウィルソン アレクサンドロス1世 段祺瑞 他多数 (英語版) ヴィルヘルム2世 パウル・フォン・ヒン...
          Read more

          Touch on Surface Book

          Image
          0 How can I make touch work on my Surface Book? About my Surface Book: Model: Intel Core i7-6600 U @ 2.60 GHz with 8 GB Ram and Nvidia GPU OS: Ubuntu 17.04 Latest, kernel 4.10.0-13-generic System outputs on Ubuntu: ~$ xinput list ⎡ Virtual core pointer id=2 [master pointer (3)] ⎜ ↳ Virtual core XTEST pointer id=4 [slave pointer (2)] ⎜ ↳ USB OPTICAL MOUSE id=8 [slave pointer (2)] ⎜ ↳ Microsoft Surface Keyboard Consumer Control id=10 [slave pointer (2)] ⎜ ↳ Microsoft Surface Keyboard Touchpad id=11 [slave pointer (2)] ⎣ Virtual core keyboard id=3 [master keyboard (2)] ↳ Virtual core XTEST keyboard id=5 [slave keyboard (3)] ...
          Read more