by deepsun 6 days ago
I would argue that command line is for human input, so the failure already happened when they composed a `ping` shell command programmatically.

Granted, a lot of software works like that, but the command line was invented as a human interface, we just bungee-strapped a computer instead.


On the other hand, separating concerns by process boundaries leads to more secure, composable and stable code. By not reinventing the wheel, you avoid a whole class of problems. Of course a stable API or library might be better, but convenience always wins out.
No-no, I mean launch processes by all means, just without shell substitutions.

Ever noticed that docker (and k8s) accept command line as an array? That's the way to go. It does not expand any env variables, path expansions (.. or *). Like

   command: ["java", "Main.java"]
But people hack it in order to get shell features, and that is the failure I mean:

   command: ["sh", "-c", "java Main.java"]
The second example runs a shell, and shell is for humans, so it is vulnerable to the attacks above.
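As an added illustration (not part of the thread), the same argv-versus-`sh -c` distinction in Python's subprocess: the argv form hands a constructed hostile "hostname" to the child unchanged, the `sh -c` form lets the shell interpret it, and an allowlist check in front of the process launch is the cheap mitigation. The names `HOSTILE_HOST`, `is_valid_host`, `run_argv`, `run_shell` and `ping_argv` are mine, and `echo` stands in for `ping` so the demo touches no network.

```python
import re
import subprocess
from typing import List

# Constructed sample input: a "hostname" carrying a shell substitution.
HOSTILE_HOST = 'example.com $(echo substituted)'

# Allowlist for a DNS-style name; the (?!-) refuses a leading hyphen so the
# value can never be parsed as an option flag by the child process either.
_HOST_RE = re.compile(r'^(?!-)[A-Za-z0-9.-]{1,253}$')


def is_valid_host(host: str) -> bool:
    """True only for names built from letters, digits, dots and hyphens."""
    return bool(_HOST_RE.match(host))


def run_argv(argv: List[str]) -> str:
    """Launch from an argv array, no shell involved: each element reaches
    the child verbatim (no word splitting, no $VAR, $(...) or globbing)."""
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout.rstrip('\n')


def run_shell(command_line: str) -> str:
    """The sh -c form from the comment: the whole string is parsed by a
    shell, so every metacharacter in it is interpreted."""
    done = subprocess.run(['sh', '-c', command_line],
                          capture_output=True, text=True, check=True)
    return done.stdout.rstrip('\n')


def ping_argv(host: str) -> List[str]:
    """Build the argv for one ping of `host`, rejecting anything outside
    the allowlist rather than trying to escape it."""
    if not is_valid_host(host):
        raise ValueError(f'refusing host {host!r}')
    return ['ping', '-c', '1', host]


if __name__ == '__main__':
    print(run_argv(['echo', HOSTILE_HOST]))   # string printed unchanged
    print(run_shell('echo ' + HOSTILE_HOST))  # shell ran the substitution
    print(ping_argv('example.com'))
```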