Reputation: 60679
So we know that if you're writing bash scripts that you have to be careful of special characters in filenames, things like spaces, and quotes, and newlines. I remember reading somewhere that even displaying/echoing/printing some filenames can be dangerous in bash. Is this true?
Are there any characters one can put in a filename that would be a security problem if that filename were displayed/printed/echo'ed, etc.?
Presume I'm running bash on a Linux system.
This isn't actually a problem I have now, nor one that I need to solve, this is more for curiosity and to see if this is a real thing.
Upvotes: 3
Views: 553
Reputation: 241798
On misconfigured terminals and locales, UTF-8 might be dangerous, too. For several years I used a setup where printing UTF-8 text resulted in prepending several characters to the next command I typed.
$ cat file.txt
šómé ǧářbáǧě
$ 1;21
After typing ls, the result was
$ 1;21ls
1: command not found
21ls: command not found
Upvotes: 1
Reputation: 85775
As well as characters, command names could be an issue, given a file called rm:
$ ls # List files
rm somefile
$ `ls` # Why aren't my files listed?
$ ls # Oops, where did somefile go?
rm
Watch out for what you are really doing in scripts when using backticks or eval.
Leading hyphens:
$ ls
-dumbfile
$ rm -dumbfile
rm: invalid option -- 'd'
$ rm -- -dumbfile # use -- to delete files containing leading -
Upvotes: 0
Reputation: 1500
When echoing, the worst thing that can happen to you is a break of '' and then with the help of ; you can have an arbitrary program execution vulnerability. This is the list of bash special chars:
" $ & ' () * ; < > ? [ \ ] ` { | } ~ space tab cr lf
Those could present a potential threat depending on their usage context.
Upvotes: 1
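Added example, not part of any post above: a script-side way to list and delete files whose names look like the ones in the answers (a file called rm, a leading hyphen, control characters such as tab, cr and lf). The function names and the sample file names are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example; every file name below is constructed for the demonstration.

# Print a name with each ASCII control byte (tab, CR, LF, ..., DEL) shown
# as '?', so the name can only ever put printable text on the terminal.
show_name() {
    printf '%s' "$1" | LC_ALL=C tr '\000-\037\177' '?'
}

# List a directory one entry per output line. The glob hands each name to
# the loop as a single word: nothing is word-split, re-parsed or executed,
# unlike `ls` inside backticks or a string passed to eval.
list_dir() {
    for f in "$1"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # glob matched nothing
        show_name "${f##*/}"
        printf '\n'
    done
}

# Delete one file in the current directory. "--" ends option parsing, so a
# leading hyphen in the name is not read as a flag.
remove_file() {
    rm -f -- "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    : > "$d/rm"; : > "$d/somefile"; : > "$d/-dumbfile"
    : > "$d/$(printf 'two\nlines')"
    list_dir "$d"
    (cd "$d" && remove_file -dumbfile) && echo "removed -dumbfile"
    rm -rf -- "$d"
}
demo
```

The listing keeps one line per file even for the name that contains a newline, and somefile is still there afterwards because the name rm is only ever treated as data.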