[woodruffw]

(Author of the post.)

Yep, this is specifically a bashism (by way of being a kshism). However, it's worth noting that the second variant (`type -v`) will work in `[` and `test`.

(It's also a still a bashism, but IME people don't realize how little of `type` is actually POSIX.)

[alganet]

The second variant (test -v) for me doesn't error out, but also doesn't write the /tmp/pwnd file, which tells me there is no subscript eval there.

[woodruffw]

Did you run it in bash, or in sh? It won't work in a strictly POSIX sh (in that context, I assume `type` will attempt to query each argument as if it were a PATH candidate, and then return nothing).

For reference, this works for me in Bash 5.2:

    test -v 'x[$(cat /etc/passwd)]'

[alganet]

I ran it by creating a file named "guess.sh" with the function and a `guess "$@"` call to it, then passing 'a[$(cat /etc/passwd > /tmp/pwned)] + 42' as a parameter to the script. Bash 5.2.

[yjftsjthsd-h]

What shell and what `test` are you using?

[alganet]

In this case I did some tests with latest dash and latest bash. I tested only with builtin `test`.

[jcranmer]

> (It's also a still a bashism, but IME people don't realize how little of `type` is actually POSIX.)

I just declare all of my shell scripts to use bash, since I've got no idea how much of anything is a bashism versus POSIX, and I hate shell scripts enough that I don't care to learn.

[usr1106]

You are defining a function and then you use it interactively. That does not demonstrate that bash scripting is dangerous. Can you demonstrate the problem in a script?

Yes, you can do dangerous things in bash scripts. This might be one of them. Not at my computer now and no time to experiment.