pfr should I replace all of the double quotes in my alias list with single quotes for correctness?
Don't bother: if it ain't broke, don't fix it.
pfr I dont think I'd ever do anything so heinous!
That's mostly harmless. This, is heinous:
Let's say Dashing Dave has a bunch of text files in some shared writable directory:
$ ls -l
total 8
-rw-r--r-- 1 dave wheel 2 27 Nov 21:59 foo1.txt
-rw-r--r-- 1 dave wheel 2 27 Nov 21:59 foo2.txt
$
Dave's mortal enemy Dastardly Dick just adds a cute little file:
$ >'foo3.txt;echo hacked>passwd;rm -f foo3*'
$
then...waits. One day, our hero Dave does this:
$ runas cat foo* # ho hum, just 'nother day
Password: # script working as per spec., I see...
1
2
cat: foo3.txt: No such file or directory # pfft! NetBSD acting weird again!
$ ls -l # let's see...nope, nothing wrong here.
total 12
-rw-r--r-- 1 dave wheel 2 27 Nov 21:59 foo1.txt
-rw-r--r-- 1 dave wheel 2 27 Nov 21:59 foo2.txt
-rw-r--r-- 1 dave wheel 7 27 Nov 22:00 passwd
$ cat passwd # Dastardly Dick strikes again!
hacked
$
Replace passwd
with /etc/passwd
and you'll see why Dave would be dashed. (This is why I've got that elaborate quoting machinery in my sued
script.)