{"id":38398,"date":"2023-02-07T17:10:30","date_gmt":"2023-02-07T22:10:30","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=38398"},"modified":"2023-02-07T20:02:23","modified_gmt":"2023-02-08T01:02:23","slug":"wordexp-shells-out","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2023\/02\/07\/wordexp-shells-out\/","title":{"rendered":"wordexp() Shells Out"},"content":{"rendered":"<p><a href=\"https:\/\/twitter.com\/steveklabnik\/status\/1622307745138446337\">Steve Klabnik<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/steveklabnik\/status\/1622307745138446337\"><p>you: &ldquo;c is nice because there&rsquo;s no hidden costs, you see every malloc and free, and know that the standard library doesn&rsquo;t do shenanigans behind your back&rdquo;<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/mastodon.social\/@stroughtonsmith\/109819345925189299\">Steve Troughton-Smith<\/a>:<\/p>\n<blockquote cite=\"https:\/\/mastodon.social\/@stroughtonsmith\/109819345925189299\">\n<p>libc does <em>what<\/em> &#x1F61F;<\/p>\n<\/blockquote>\n\n<p>Apparently I forgot to <a href=\"https:\/\/github.com\/Apple-FOSS-Mirror\/Libc\/blob\/2ca2ae74647714acfc18674c3114b1a5d3325d7d\/gen\/wordexp.c#L192\">link to this<\/a> back when the story broke in <a href=\"https:\/\/twitter.com\/FioraAeterna\/status\/565015556676268034\">2015<\/a> and <a href=\"https:\/\/news.ycombinator.com\/item?id=9025572\">2016<\/a>. For many years, Apple implemented the <a href=\"https:\/\/developer.apple.com\/library\/archive\/documentation\/System\/Conceptual\/ManPages_iPhoneOS\/man3\/wordexp.3.html\">wordexp()<\/a> function by starting a separate process for a Perl interpreter. <a href=\"https:\/\/github.com\/apple-opensource\/Libc\/blob\/1e58108100bb5978535e093c14e5a3eebc666b70\/gen\/FreeBSD\/wordexp.c#L195\">Later<\/a>, this was changed to use <code> \/usr\/lib\/system\/wordexp-helper<\/code>, which may be based on Bash, and so perhaps the code can only be called that way <a href=\"https:\/\/news.ycombinator.com\/item?id=9025732\">because of the GPL<\/a>.<\/p>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2019\/06\/04\/scripting-languages-to-be-removed\/\">Scripting Languages to Be Removed<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2019\/06\/04\/macos-10-15-switches-from-bash-to-zsh\/\">macOS 10.15 Switches From bash to zsh<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2019\/01\/04\/mojaves-rsync-from-the-days-of-tiger\/\">Mojave&rsquo;s rsync From the Days of Tiger<\/a><\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Steve Klabnik: you: &ldquo;c is nice because there&rsquo;s no hidden costs, you see every malloc and free, and know that the standard library doesn&rsquo;t do shenanigans behind your back&rdquo; Steve Troughton-Smith: libc does what &#x1F61F; Apparently I forgot to link to this back when the story broke in 2015 and 2016. For many years, Apple [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2023-02-07T22:10:37Z","apple_news_api_id":"ec162a1e-43a5-4c7e-932b-87e731aefa2b","apple_news_api_modified_at":"2023-02-08T01:02:29Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAQ==","apple_news_api_share_url":"https:\/\/apple.news\/A7BYqHkOlTH6TK4fnMa76Kw","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[4],"tags":[767,45,30,903,475,991,252,71],"class_list":["post-38398","post","type-post","status-publish","format-standard","hentry","category-programming-category","tag-bash","tag-c","tag-mac","tag-mac-os-x-10-10-yosemite","tag-mavericks","tag-open-source-software","tag-perl","tag-programming"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/38398","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=38398"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/38398\/revisions"}],"predecessor-version":[{"id":38399,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/38398\/revisions\/38399"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=38398"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=38398"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=38398"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}