Post 302403090 by Corona688 on Thursday 11th of March 2010 11:01:30 AM
Safely parsing parameters

I have a string like
Code:
root=/dev/sda3 noacpi foo "Baz mumble"

which I would like to separate into tokens like a shell does. This would be easily done with eval, but that would open a security hole big enough to drop a cow through; injecting arbitrary code would be easy as pie. How can I parse this into tokens without using the eval command and potentially running embedded commands?
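
A tokenizer of the kind the post asks for, as an added example that is not part of the original post: it splits on unquoted blanks, honours single quotes, double quotes and backslashes, and only ever copies characters, so `$(...)`, backticks and `;` come out as literal text. The function name `tokenize` and the second sample string are constructed for illustration; tokens are printed one per line, so embedded newlines are not supported.

```shell
#!/bin/sh
# tokenize STRING - print the shell-style tokens of STRING, one per line.
# Characters are only ever copied, never evaluated, so $(...), backticks,
# ';' and '|' in the input end up as literal text inside a token.
# Simplifications (assumptions of this example): a backslash outside single
# quotes makes the next character literal; tokens may not contain newlines.
# Returns 1 if a quote is left open. Uses global variables (POSIX sh has no
# 'local'); call it in a subshell or $(...) to keep them contained.
TAB=$(printf '\t')

tokenize() {
    rest=$1; tok=; quote=; have=0
    while [ -n "$rest" ]; do
        nxt=${rest#?}          # input after the first character
        c=${rest%"$nxt"}       # the first character itself
        rest=$nxt
        if [ "$quote" = "'" ]; then
            # inside '...': everything is literal up to the closing quote
            if [ "$c" = "'" ]; then quote=; else tok=$tok$c; fi
            continue
        fi
        case $c in
        \\) # backslash: copy the following character verbatim
            nxt=${rest#?}; tok=$tok${rest%"$nxt"}; rest=$nxt; have=1 ;;
        '"') # opens or closes a double-quoted run
            if [ -n "$quote" ]; then quote=; else quote='"'; have=1; fi ;;
        "'") # literal inside "...", otherwise opens a single-quoted run
            if [ -n "$quote" ]; then tok=$tok$c; else quote="'"; have=1; fi ;;
        ' '|"$TAB") # blank: part of a quoted run, or a token separator
            if [ -n "$quote" ]; then
                tok=$tok$c
            elif [ "$have" = 1 ]; then
                printf '%s\n' "$tok"; tok=; have=0
            fi ;;
        *)  tok=$tok$c; have=1 ;;
        esac
    done
    [ -z "$quote" ] || return 1      # unterminated quote
    [ "$have" = 0 ] || printf '%s\n' "$tok"
}

# The string from the post, then a constructed hostile one.
tokenize 'root=/dev/sda3 noacpi foo "Baz mumble"'
tokenize 'quiet $(echo INJECTED) `date` "a;b"'
```

To consume the tokens, read them back line by line, for example `tokenize "$line" | while IFS= read -r t; do ...; done`, and check the exit status for an unterminated quote.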
 

EVAL(3)                                                                EVAL(3)

eval - Evaluate a string as PHP code

SYNOPSIS
mixed eval (string $code)

DESCRIPTION
Evaluates the given $code as PHP.

Caution: The eval(3) language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.

PARAMETERS
o $code - Valid PHP code to be evaluated. The code mustn't be wrapped in opening and closing PHP tags, i.e. 'echo "Hi!";' must be passed instead of '<? echo "Hi!"; ?>'. It is still possible to leave and reenter PHP mode though using the appropriate PHP tags, e.g. 'echo "In PHP mode!"; ?>In HTML mode!<? echo "Back in PHP mode!";'. Apart from that the passed code must be valid PHP. This includes that all statements must be properly terminated using a semicolon. 'echo "Hi!"' for example will cause a parse error, whereas 'echo "Hi!";' will work. A return statement will immediately terminate the evaluation of the code. The code will be executed in the scope of the code calling eval(3). Thus any variables defined or changed in the eval(3) call will remain visible after it terminates.

RETURN VALUES
eval(3) returns NULL unless return is called in the evaluated code, in which case the value passed to return is returned. If there is a parse error in the evaluated code, eval(3) returns FALSE and execution of the following code continues normally. It is not possible to catch a parse error in eval(3) using set_error_handler(3).

EXAMPLES
Example #1 eval(3) example - simple text merge

    <?php
    $string = 'cup';
    $name = 'coffee';
    $str = 'This is a $string with my $name in it.';
    echo $str. "\n";
    // The escaped \$str is the assignment target; the unescaped $str
    // expands to the template text, which eval() then interpolates.
    eval("\$str = \"$str\";");
    echo $str. "\n";
    ?>

The above example will output:

    This is a $string with my $name in it.
    This is a cup with my coffee in it.

NOTES
Note: Because this is a language construct and not a function, it cannot be called using variable functions.

Tip: As with anything that outputs its result directly to the browser, the output-control functions can be used to capture the output of this function, and save it in a string (for example).

Note: In case of a fatal error in the evaluated code, the whole script exits.

SEE ALSO
call_user_func(3).

PHP Documentation Group                                                EVAL(3)