Arbitrary execution in bash

#bash #security

According to a recent post¹,

you can safely do arithmetic in pure bash (i.e., without /usr/bin/[). printf can parse a numeric literal without performing “Arithmetic Expansion” (ACE in a trenchcoat):

printf -v parsedNum "%d" "$untrustedInput"

That printf will return non-zero if it didn't parse, but it will also set parsedNum to zero, so even if you don't check for a return code, parsedNum is safe to evaluate in Arithmetic Expansion, as far as we can tell.
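To show the technique in a form you can run, here is an added example (not code from the quoted post; `parse_int` and `double_safely` are hypothetical helper names). It validates untrusted text with `printf -v` and `%d`, checks the return status rather than trusting whatever value landed in the variable, and only then lets the number reach `$(( ))`. A constructed input shaped like the `a[$(...)]` strings that Arithmetic Expansion would otherwise evaluate is rejected without anything being executed. It also covers the literal forms `%d` accepts that the post does not spell out: `0x` hex and leading-zero octal.

```bash
#!/usr/bin/env bash
# Added example, not from the quoted post. parse_int and double_safely are
# hypothetical helper names; the technique (printf -v with %d) is the post's.

# Return 0 and print the integer if $1 is a plain numeric literal
# (decimal, 0x-hex, or leading-zero octal); return 1 otherwise.
# printf never performs Arithmetic Expansion, so the input is not evaluated.
parse_int() {
    local parsed
    if ! printf -v parsed '%d' "$1" 2>/dev/null; then
        # Non-zero status: not a clean numeric literal. Whatever printf wrote
        # into parsed is discarded rather than trusted.
        return 1
    fi
    printf '%s\n' "$parsed"
}

# Only validated integers reach $(( )), so the arithmetic is safe even when
# the original string came from a user, a filename or a request.
double_safely() {
    local n
    n=$(parse_int "$1") || return 1
    echo $(( n * 2 ))
}

# Constructed inputs: a valid literal, and the kind of string that would be
# evaluated (command substitution included) if placed directly inside $(( )).
double_safely '21'
double_safely 'a[$(echo injected)]' || echo 'rejected, nothing executed'
```

Note the caveat that `010` parses as octal 8, not decimal 10; if your callers expect decimal, strip leading zeros or reject them before calling `parse_int`.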

  1. Quriad &mut selves (Qyriad), @[email protected], Sep 11, 2025, 04:39 AM.