Page 5 of 6

Re: Shellshock

Posted: Sun Oct 12, 2014 7:15 am
by duck
As we're talking about our favourite shells, I used to be a zsh adherent after abandoning linux, but I've recently gone to pdksh and feel quite comfortable. zsh went out the door when they started doing "easy install" things on first login.

Re: Shellshock

Posted: Sun Oct 12, 2014 7:31 am
by foetz
duck wrote:zsh went out the door when they started doing "easy install" things on first login.

jus stick to an older version then :-)

Re: Shellshock

Posted: Sun Oct 12, 2014 7:58 am
by duck
foetz wrote:
duck wrote:zsh went out the door when they started doing "easy install" things on first login.

jus stick to an older version then :-)


Hah, yes! Suggested in this of all threads ;-)

Re: Shellshock

Posted: Sun Oct 12, 2014 8:05 am
by foetz
duck wrote:
foetz wrote:
duck wrote:zsh went out the door when they started doing "easy install" things on first login.

jus stick to an older version then :-)


Hah, yes! Suggested in this of all threads ;-)

hehe, no prob if it's not your webserver unless you have other users on it you don't trust. given that the zsh version you like does have nasty security issues at all

Re: Shellshock

Posted: Sun Oct 12, 2014 8:23 am
by duck
foetz wrote:
duck wrote:Hah, yes! Suggested in this of all threads ;-)

hehe, no prob if it's not your webserver unless you have other users on it you don't trust. given that the zsh version you like does have nasty security issues at all


Of course. It's not like it's replacing sh.

Re: Shellshock

Posted: Sun Oct 12, 2014 11:51 am
by kjaer
The ksh source was opened by AT&T maybe five or six years ago. Before that it was free for end-user download since the end of the '90s approximately, though the build environment was not entirely friendly.

Re: Shellshock

Posted: Sun Oct 12, 2014 10:15 pm
by foetz
kjaer wrote:though the build environment was not entirely friendly.

oh what an understatement :P

Re: Shellshock

Posted: Thu Oct 16, 2014 7:12 am
by jwp
Pretty early on I read the essay, "Csh Programming Considered Harmful," so I never bothered learning csh or tcsh. Since I was using Linux, bash was the default shell typically, and it seemed to do interactive editing and scripting pretty well.

Later when I was doing a lot of shell scripting on HP-UX, I used ksh88, and I really liked that as well. It has the important things that bash has, but without the bloat. When I was using it, though, there were some really annoying compatibility issues between ksh88 and pdksh. With ksh88, the following script prints "1", and on pdksh and mksh, it prints "0". Bash also prints "0".

Code: Select all

x=0
echo onetime | while read line; do
    x=1
done
echo $x

It's something stupid related to pipes and processes. The programmer needs to know that anything happening in the body of a loop is happening in another context -- but only when something is being piped into the loop. Why this behavior is reasonable, I have no idea. ksh88 handles it just fine, and did so decades ago. I don't know why these other shells like pdksh, mksh, and bash put the burden of remembering arcane details like this onto the programmer.

When AT&T opened up ksh93, I wish they had also released ksh88. My impression has been that ksh88 is a good all-around shell. It doesn't hurt that it's a long-time standard on commercial Unix systems either.

Re: Shellshock

Posted: Thu Oct 16, 2014 9:41 am
by armanox
jwp wrote:Pretty early on I read the essay, "Csh Programming Considered Harmful," so I never bothered learning csh or tcsh. Since I was using Linux, bash was the default shell typically, and it seemed to do interactive editing and scripting pretty well.

Later when I was doing a lot of shell scripting on HP-UX, I used ksh88, and I really liked that as well. It has the important things that bash has, but without the bloat. When I was using it, though, there were some really annoying compatibility issues between ksh88 and pdksh. With ksh88, the following script prints "1", and on pdksh and mksh, it prints "0". Bash also prints "0".

Code: Select all

x=0
echo onetime | while read line; do
    x=1
done
echo $x

It's something stupid related to pipes and processes. The programmer needs to know that anything happening in the body of a loop is happening in another context -- but only when something is being piped into the loop. Why this behavior is reasonable, I have no idea. ksh88 handles it just fine, and did so decades ago. I don't know why these other shells like pdksh, mksh, and bash put the burden of remembering arcane details like this onto the programmer.

When AT&T opened up ksh93, I wish they had also released ksh88. My impression has been that ksh88 is a good all-around shell. It doesn't hurt that it's a long-time standard on commercial Unix systems either.


That's an easy one - variable scope. Consider the following C++ program

Code: Select all


#include <iostream>
using namespace std;

int main( int argc, char* argv[])
{
  int i = 2;
  for (int i = 0; i < 2; i++)
        cout << i << endl; // Prints 0 then 1
  cout << i << endl; // Prints 2
  return 0;
}



The variable inside of the loop expires when the loop ends, and is in a different scope then the variable outside of the loop, despite having the same name. My guess is the developers of the other shells felt that variable scope was important, where as ksh88 doesn't have the concept.

Re: Shellshock

Posted: Thu Oct 16, 2014 3:51 pm
by jwp
armanox wrote:That's an easy one - variable scope. [...] The variable inside of the loop expires when the loop ends, and is in a different scope then the variable outside of the loop, despite having the same name. My guess is the developers of the other shells felt that variable scope was important, where as ksh88 doesn't have the concept.

Ah, but this only happens when piping to a loop. Otherwise, all the shells act the same way with variables, loops, and scope. The inconsistency is with pdksh, mksh, and bash. If the script were to be rewritten this way, then it would work the exact same way on all shells:

Code: Select all

x=0
echo onetime > /tmp/onetime
while read line; do
    x=1
done < /tmp/onetime
echo $x

This sort of incompatibility means that pdksh and mksh cannot be used as serious replacements for ksh. The only real path for developing or running ksh88 scripts with open-source software is to try them under ksh93, which is more compatible (and follows ksh88 behavior for this pipe / loop stuff).

Most people happily use pdksh and mksh as ksh replacements, because they don't do a lot of shell scripting, or otherwise don't have to worry about shell scripting compatibility. Sadly, it seems that many shells follow the same behavior as pdksh and mksh, despite there being no rationale other than the implementation details of the shell.

Re: Shellshock

Posted: Thu Oct 16, 2014 4:35 pm
by armanox
jwp wrote:
armanox wrote:That's an easy one - variable scope. [...] The variable inside of the loop expires when the loop ends, and is in a different scope then the variable outside of the loop, despite having the same name. My guess is the developers of the other shells felt that variable scope was important, where as ksh88 doesn't have the concept.

Ah, but this only happens when piping to a loop. Otherwise, all the shells act the same way with variables, loops, and scope. The inconsistency is with pdksh, mksh, and bash. If the script were to be rewritten this way, then it would work the exact same way on all shells:

Code: Select all

x=0
echo onetime > /tmp/onetime
while read line; do
    x=1
done < /tmp/onetime
echo $x

This sort of incompatibility means that pdksh and mksh cannot be used as serious replacements for ksh. The only real path for developing or running ksh88 scripts with open-source software is to try them under ksh93, which is more compatible (and follows ksh88 behavior for this pipe / loop stuff).

Most people happily use pdksh and mksh as ksh replacements, because they don't do a lot of shell scripting, or otherwise don't have to worry about shell scripting compatibility. Sadly, it seems that many shells follow the same behavior as pdksh and mksh, despite there being no rationale other than the implementation details of the shell.


Interesting. I'll admit that shell scripting is not an area that I consider myself an expert in. I always considered the lack of variable declaration a potential source of confusion in a lot of scripting languages (in my C++ example, it's clear that I am declaring a new i in the for loop. If I do not declare i, it uses the variable from outside of the loop's scope (so for( i = 0; i < 2; i++)) rather then using a local one).

Re: Shellshock

Posted: Thu Oct 16, 2014 5:09 pm
by foetz
armanox wrote:That's an easy one - variable scope. Consider the following C++ program

Code: Select all


#include <iostream>
using namespace std;

int main( int argc, char* argv[])
{
  int i = 2;
  for (int i = 0; i < 2; i++)
        cout << i << endl; // Prints 0 then 1
  cout << i << endl; // Prints 2
  return 0;
}

.

declaring i twice, putting in args that are never used and using c++ for something that trivial at all? :shock:

just pulling your leg, the point was clear anyway :P

Re: Shellshock

Posted: Thu Oct 16, 2014 5:58 pm
by armanox
foetz wrote:
armanox wrote:That's an easy one - variable scope. Consider the following C++ program

Code: Select all


#include <iostream>
using namespace std;

int main( int argc, char* argv[])
{
  int i = 2;
  for (int i = 0; i < 2; i++)
        cout << i << endl; // Prints 0 then 1
  cout << i << endl; // Prints 2
  return 0;
}

.

declaring i twice, putting in args that are never used and using c++ for something that trivial at all? :shock:

just pulling your leg, the point was clear anyway :P


Declaring i twice was needed for the demo :) The args are a habit, even if they aren't needed. And I happen to like C++, thank you very much. :p

Re: Shellshock

Posted: Fri Oct 17, 2014 7:25 pm
by vishnu
Not to be picayune, but dumping std into the global namespace is considered harmful... ;)

Code: Select all

#include <iostream>

int main(int argc, char ** argv)
{
    using namespace std;

    ...
    return 0;
}


Okay, so I am being picayune... :P

Re: Shellshock

Posted: Sat Oct 18, 2014 5:14 am
by foetz
haha, poor armanox :P

but since we're on it already why messing with c++ at all?

Code: Select all

   PROGRAM test
      INTEGER i = 2
   
      DO 10 i = 0, 1
         print *, i
10      continue
   
      print *, i
   END