Differences between revisions 8 and 9
Revision 8 as of 2009-04-27 14:12:52
Size: 2359
Editor: GreyCat
Comment:
Revision 9 as of 2009-06-09 19:47:30
Size: 2735
Editor: localhost
Comment:
Line 25: Line 25:
 * '''Dropping permissions'''. It can be tough to make a bash script safe to execute as root. In languages like C, perl, and python, you can easily drop privileges at a certain point. With bash, this is tricky, because while you can run su or sudo, you lose variables, and even the executing environment. Use a proper programming language if you have security worries.
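Review bot: "you lose variables, and even the executing environment" in the added bullet does not say which state is lost, so a reader cannot tell what to pass across the su or sudo boundary explicitly. Name the pieces you mean in that sentence. The closing "Use a proper programming language" also breaks with the page's own wording, "switch to a different language"; reusing that phrase keeps the bullet consistent with the introduction.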

This is a stub. Please fill in the missing pieces.

There are certain things BASH is not very good at. There are certain tasks you shouldn't do in bash, unless you really, truly have to. It's often better to switch to a different language for most of these tasks.

  • Floating point math. Bash has only integer math. Use bc(1) or AWK instead.

  • Data structures. Bash does not have Pascal-style records (C-style structs); nor does it have pointers. Any attempt to create advanced data structures (stacks, queues, linked lists, binary trees...) will have to be done with extremely primitive hacks.

  • Associative arrays (fixed in bash 4.0). Use AWK or perl or Tcl instead.

  • Fancy ProcessManagement. Bash has nothing analogous to select(2) or poll(2). Use C instead.

  • Parsing XML, HTML and similar formats. You'd need external tools for that; at best, use Perl.

  • Binary data. Bash has no way to store the null byte, so binary data either has to be encoded or placed awkwardly in an array. Parsing binary data is also a problem. Try perl or C.

  • Text Processing. Though Bash has fairly advanced string manipulation features, it's not designed for this. The shell is made to run commands; if you are only processing text, an AWK or perl script is going to be much much MUCH faster. If you are going to process text with bash, be sure to learn about the pitfalls associated with read.

  • Database queries. When retrieving a tuple from a relational database, there is no way for Bash to understand where one element of the tuple ends and the next begins. In general, Bash is not suited to any sort of data retrieval that extracts multiple data values in a single operation, unless there is a clearly defined delimiter between fields. For database queries (SQL or otherwise), switch to a language that supports the database's query API.

  • Variable declarations. While you can do some limited amount of declaration with the builtin declare command, there is no protection against misspelling variable names. In each case where you type a variable name wrong, you will have to run the program, discover that it fails, and waste time finding it, though using "set -u" might help.

  • Dropping permissions. It can be tough to make a bash script safe to execute as root. In languages like C, perl, and python, you can easily drop privileges at a certain point. With bash, this is tricky, because while you can run su or sudo, you lose variables, and even the executing environment. Use a proper programming language if you have security worries.
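What "drop privileges at a certain point" looks like in Python, as an added example that is not part of the original wiki page: the process gives up root in place, so state built while privileged stays in memory, which a re-exec through su or sudo would not preserve. The function names, the job string and the use of the `nobody` account are assumptions made for illustration.

```python
import os
import pwd


def drop_privileges(username):
    """Permanently give up root in this process and become `username`."""
    if os.geteuid() != 0:
        raise PermissionError("not running as root, nothing to drop")
    pw = pwd.getpwnam(username)
    # Order matters: once the uid changes we can no longer change groups.
    os.setgroups([])          # discard root's supplementary groups
    os.setgid(pw.pw_gid)      # sets real, effective and saved gid
    os.setuid(pw.pw_uid)      # sets real, effective and saved uid
    # Verify the drop is irreversible; a leftover saved uid 0 would allow this.
    try:
        os.setuid(0)
    except PermissionError:
        pass
    else:
        raise RuntimeError("root could be regained after the drop")
    os.environ.update(HOME=pw.pw_dir, USER=pw.pw_name, LOGNAME=pw.pw_name)
    os.umask(0o077)


def run_job_unprivileged(username="nobody"):
    """Do the privileged setup, then fork a child that drops root.

    Returns "uid:euid:job" as reported by the child, or "error:<Exception>".
    """
    job = "rotate-logs"       # constructed in-memory state, set while privileged
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:              # child: drop root, then report what it still knows
        os.close(rfd)
        try:
            drop_privileges(username)
            msg = f"{os.getuid()}:{os.geteuid()}:{job}"
        except Exception as exc:
            msg = f"error:{type(exc).__name__}"
        os.write(wfd, msg.encode())
        os._exit(0)
    os.close(wfd)
    with os.fdopen(rfd) as pipe:
        report = pipe.read()
    os.waitpid(pid, 0)
    return report


if __name__ == "__main__":
    print(run_job_unprivileged())
```

Started as root, the child reports the target account's uid twice followed by the job name; started as an ordinary user, it reports `error:PermissionError` because there is nothing to drop.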



BashWeaknesses (last edited 2022-09-01 18:14:07 by 188)