On Tue, Dec 22, 2020 at 10:26 PM Chris Angelico <email@example.com> wrote:
> A tight loop clearing the screen? If you have that, you have much
> bigger problems :). But shelling out to clear/cls has another problem: it's a big ol'
> dependency. You need to have the corresponding command, and it needs
> to be accessible on $PATH, and so on and so forth.

I worry about the security concerns of having a common interactive command actually utilize an external executable. Yes, I trust the version of `clear` packaged with my Linux distribution, but it feels like sneaking in something malicious onto the path is a possible problem. I don't have a precise threat model in mind, but if you think of things like online hosted interpreters, or remote limited access to shells, or stuff like that, it starts to feel plausible that someone could do something bad.
I'm not sure about Windows. Is 'cls' built into the command-line executable itself (like Busybox) or is it an exe?
Somewhat supporting my concern, I just was surprised to find this:
% ll `which clear`
-rwxrwxr-x 2 dmertz 14344 Nov 14 17:07 /home/dmertz/miniconda3/bin/clear
% ll /usr/bin/clear
-rwxr-xr-x 1 root 14656 Feb 29 2020 /usr/bin/clear
Mind you, I generally trust the conda/conda-forge folks. But I absolutely would not have guessed that I run a different `clear` depending on whether I'm in an environment (and different environments each have their own `clear` it seems). This is not a symlink, but an actual different executable with a different size. In fact:
% find ~/miniconda3/envs -name 'clear' | xargs wc -c
Apparently I have at least 5 different `clear` executables installed on my system... and I only learned that in the last 2 minutes.
The dead increasingly dominate and strangle both the living and the
not-yet born. Vampiric capital and undead corporate persons abuse
the lives and control the thoughts of homo faber. Ideas, once born,
become abortifacients against new conceptions.
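
The check done by hand in the message above (`which clear` compared with `/usr/bin/clear`) can be automated. This is an added example, not code from the thread or from CPython; it goes a little further by also reporting ownership and group/other write permission, and the names `candidates`, `audit` and `make_fake` are hypothetical, with the sample executables constructed in temporary directories.

```python
import os
import stat
import tempfile

def candidates(name, path=None):
    """Every executable called `name` on the search path, in lookup order."""
    path = os.environ.get("PATH", "") if path is None else path
    found, seen = [], set()
    for d in path.split(os.pathsep):
        d = d or os.curdir  # an empty PATH entry means the current directory
        full = os.path.join(d, name)
        if not os.path.isfile(full) or not os.stat(full).st_mode & 0o111:
            continue  # missing, or no execute bit set
        real = os.path.realpath(full)
        if real in seen:  # same file reached again through a symlink
            continue
        seen.add(real)
        st, dst = os.stat(full), os.stat(d)
        loose = stat.S_IWGRP | stat.S_IWOTH
        found.append({
            "path": full,
            "size": st.st_size,
            "root_owned": st.st_uid == 0,
            # group/other write on the file or its directory lets others swap it
            "loosely_writable": bool((st.st_mode | dst.st_mode) & loose),
        })
    return found

def audit(name, path=None):
    """What `name` resolves to, which copies it shadows, which deserve a look."""
    hits = candidates(name, path)
    return {
        "resolved": hits[0]["path"] if hits else None,
        "shadowed": [h["path"] for h in hits[1:]],
        "review": [h["path"] for h in hits if h["loosely_writable"] or not h["root_owned"]],
    }

def make_fake(directory, name, body, mode):
    """Constructed sample input: a stand-in executable with a chosen mode."""
    full = os.path.join(directory, name)
    with open(full, "w") as fh:
        fh.write(body)
    os.chmod(full, mode)

if __name__ == "__main__":
    env_dir, sys_dir = tempfile.mkdtemp(), tempfile.mkdtemp()
    make_fake(env_dir, "clear", "#!/bin/sh\n# env copy\n", 0o775)
    make_fake(sys_dir, "clear", "#!/bin/sh\n", 0o755)
    print(audit("clear", os.pathsep.join([env_dir, sys_dir])))
```

Calling `audit("clear")` with no second argument inspects the real `$PATH` of the current process.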