[[...]] is non-portable and has an extremely quirky corner case with variable ex...

ndsipa_pomu · 2026-01-15T13:56:06 1768485366

I'm intrigued - any info on that?

I personally use ((...)) for arithmetic tests and [[...]] for all other tests as I just target new versions of BASH and don't care much about POSIX compatibility.

PhilipRoman · 2026-01-15T22:40:05 1768516805

This is completely safe: [ "${payload}" -eq 42 ]

This can evaluate arbitrary code: [[ "${payload}" -eq 42 ]]

Here is one example of a malicious payload:

  payload='a[$(touch /tmp/pwned)]'

ndsipa_pomu · 2026-01-15T23:08:58 1768518538

Thanks.

Now I need to figure out whether (( payload == 42 )) is safe.

ndsipa_pomu · 2026-01-16T08:48:16 1768553296

It appears not.

account42 · 2026-01-15T14:10:21 1768486221

It also does wildcards though, with POSIX you'll need a case statement for that.