I have a string like
which I would like to separate into tokens like a shell does. This would be easily done with eval but that would open a security hole big enough to drop a cow through, injecting arbitrary code would be easy as pie. How can I parse this into tokens without using the eval command and potentially running embedded commands?
How do you pass parameters over to another script and run the receiving script? .
Here is an example of what I am talking about.
for x in `cat Allx`
do
su myaccount -c "/temp/scripts/temp_script $x" > /dev/null 2>$1 $
done
I was expecting the tem_script to be... (1 Reply)
Hi:- I need to parse a script 3 parameters (file, subject and email address). This is what I currently have:
allargs=$*
argcount=`echo $allargs | awk -F: '{ print NF }' ` # Total Number of arguments
pdffile=`echo $allargs | awk -F: '{ print $1 }' ` # PDF/binary file to be encoded... (4 Replies)
Sceduled backups with vdump have been delayed as a mounted system had crashed while I was away for 2 weeks. Now there are 5 simultaneous vdumps running very slowly. The full system backup usually takes a whole weekend.
Can I safely kill these? (I will have to live without a backup untill next... (4 Replies)
I have a job script that runs with input parms from the command line.
job.sh -p parm1_parm2_parm3_parm4_file_1.dat
The parms are separated by _
The last parm is a file name and can have an _ in the name.
I currently use the following commands to extract the parms
parm1=`eval echo... (3 Replies)
Hi all,
Am writing a script that does a rm/mv if a file exist, however, in one scenario, one of the variables which is supposed to a variable for a directory is undefined/blank so instead of the variable resolving to /tmp/logfile.dmp, it resolves instead to / so the rm translates to a rm /... (2 Replies)
I get a strange problem here, and ask for help.
(gdb)
28 set_file_bit( file, bytePos, bitPos, argv );
(gdb) p argv
$3 = 0xbfffef5c "00"
(gdb) s
set_file_bit (file=0x804b008, bytePos=2, bitPos=2, binary=0x80490e5 "11") at util/file.c:112
... (2 Replies)
Greetings,
I need some help performing a system admin function that I have been tasked with. The request seems simple enough, but my feeling is that it might be more complicated than it seems.
Here is what i've been tasked with:
SunOS 5.10 Generic_142900-15 sun4u sparc SUNW,SPARC-Enterprise... (3 Replies)
I am using:
reboot -- cdrom
However I'm afraid of causing file system errors/corruption. I've seen many threads say that
init 6
is safer, but I need to get to CDROM.
Is there a command that is as safe as init, but can boot to cdrom, or should I not worry so much about the reboot... (5 Replies)
I wanted to know whether all files under /tmp can be safely removed. I guess that /tmp may also have temporary files for applications currently being worked on, so at the most those applications may just shut down.
I hope that my question is clear whether all files under /tmp can be safely... (5 Replies)
Discussion started by: RHCE
5 Replies
LEARN ABOUT DEBIAN
shell-quote
SHELL-QUOTE(1p) User Contributed Perl Documentation SHELL-QUOTE(1p)NAME
shell-quote - quote arguments for safe use, unmodified in a shell command
SYNOPSIS
shell-quote [switch]... arg...
DESCRIPTION
shell-quote lets you pass arbitrary strings through the shell so that they won't be changed by the shell. This lets you process commands
or files with embedded white space or shell globbing characters safely. Here are a few examples.
EXAMPLES
ssh preserving args
When running a remote command with ssh, ssh doesn't preserve the separate arguments it receives. It just joins them with spaces and
passes them to "$SHELL -c". This doesn't work as intended:
ssh host touch 'hi there' # fails
It creates 2 files, hi and there. Instead, do this:
cmd=`shell-quote touch 'hi there'`
ssh host "$cmd"
This gives you just 1 file, hi there.
process find output
It's not ordinarily possible to process an arbitrary list of files output by find with a shell script. Anything you put in $IFS to
split up the output could legitimately be in a file's name. Here's how you can do it using shell-quote:
eval set -- `find -type f -print0 | xargs -0 shell-quote --`
debug shell scripts
shell-quote is better than echo for debugging shell scripts.
debug() {
[ -z "$debug" ] || shell-quote "debug:" "$@"
}
With echo you can't tell the difference between "debug 'foo bar'" and "debug foo bar", but with shell-quote you can.
save a command for later
shell-quote can be used to build up a shell command to run later. Say you want the user to be able to give you switches for a command
you're going to run. If you don't want the switches to be re-evaluated by the shell (which is usually a good idea, else there are
things the user can't pass through), you can do something like this:
user_switches=
while [ $# != 0 ]
do
case x$1 in
x--pass-through)
[ $# -gt 1 ] || die "need an argument for $1"
user_switches="$user_switches "`shell-quote -- "$2"`
shift;;
# process other switches
esac
shift
done
# later
eval "shell-quote some-command $user_switches my args"
OPTIONS --debug
Turn debugging on.
--help
Show the usage message and die.
--version
Show the version number and exit.
AVAILABILITY
The code is licensed under the GNU GPL. Check http://www.argon.org/~roderick/ or CPAN for updated versions.
AUTHOR
Roderick Schertler <roderick@argon.org>
perl v5.8.4 2005-05-03 SHELL-QUOTE(1p)