Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Safely parsing parameters
Top Forums Shell Programming and Scripting Safely parsing parameters Post 302403147 by cfajohnson on Thursday 11th of March 2010 04:00:05 PM
Old 03-11-2010
Quote:
Originally Posted by Corona688
There's plenty wrong with using eval.

Code:
$ string='root=/dev/sda3 noacpi foo "Baz mumble" `echo muahahahaha >&2`'
$ eval "set -- $string"
muahahahaha
$

Now imagine if someone fed it `find /dev -type b -exec dd if=/dev/urandom of={}`.

I don't want my strings to be able to execute arbitrary code like this.

If you put that into the string variable and execute the line I posted, nothing will happen other than the tokens being placed into the positional parameters. The code in $string will not be executed.

Code:
$ string='find /dev -type b -exec dd if=/dev/urandom of={}'
$ eval "set -- $string"
$ printf "%s\n" "$@"
find
/dev
-type
b
-exec
dd
if=/dev/urandom
of={}

There are no ill effects.
 

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Parsing Parameters

How do you pass parameters over to another script and run the receiving script? . Here is an example of what I am talking about. for x in `cat Allx` do su myaccount -c "/temp/scripts/temp_script $x" > /dev/null 2>$1 $ done I was expecting the tem_script to be... (1 Reply)
Discussion started by: odogbolu98
1 Replies

2. Shell Programming and Scripting

Help with parsing parameters

Hi:- I need to parse a script 3 parameters (file, subject and email address). This is what I currently have: allargs=$* argcount=`echo $allargs | awk -F: '{ print NF }' ` # Total Number of arguments pdffile=`echo $allargs | awk -F: '{ print $1 }' ` # PDF/binary file to be encoded... (4 Replies)
Discussion started by: janet
4 Replies

3. UNIX for Advanced & Expert Users

Can I safely kill vdump?

Sceduled backups with vdump have been delayed as a mounted system had crashed while I was away for 2 weeks. Now there are 5 simultaneous vdumps running very slowly. The full system backup usually takes a whole weekend. Can I safely kill these? (I will have to live without a backup untill next... (4 Replies)
Discussion started by: nickt
4 Replies

4. Shell Programming and Scripting

Help parsing job script input parameters

I have a job script that runs with input parms from the command line. job.sh -p parm1_parm2_parm3_parm4_file_1.dat The parms are separated by _ The last parm is a file name and can have an _ in the name. I currently use the following commands to extract the parms parm1=`eval echo... (3 Replies)
Discussion started by: jclanc8
3 Replies

5. Shell Programming and Scripting

How to safely rm/mv files/directory

Hi all, Am writing a script that does a rm/mv if a file exist, however, in one scenario, one of the variables which is supposed to a variable for a directory is undefined/blank so instead of the variable resolving to /tmp/logfile.dmp, it resolves instead to / so the rm translates to a rm /... (2 Replies)
Discussion started by: newbie_01
2 Replies

6. Programming

Value changed when parsing parameters

I get a strange problem here, and ask for help. (gdb) 28 set_file_bit( file, bytePos, bitPos, argv ); (gdb) p argv $3 = 0xbfffef5c "00" (gdb) s set_file_bit (file=0x804b008, bytePos=2, bitPos=2, binary=0x80490e5 "11") at util/file.c:112 ... (2 Replies)
Discussion started by: 915086731
2 Replies

7. Solaris

How to remove soft link safely

Greetings, I need some help performing a system admin function that I have been tasked with. The request seems simple enough, but my feeling is that it might be more complicated than it seems. Here is what i've been tasked with: SunOS 5.10 Generic_142900-15 sun4u sparc SUNW,SPARC-Enterprise... (3 Replies)
Discussion started by: Harleyrci
3 Replies

8. Solaris

need to safely reboot to cdrom

I am using: reboot -- cdrom However I'm afraid of causing file system errors/corruption. I've seen many threads say that init 6 is safer, but I need to get to CDROM. Is there a command that is as safe as init, but can boot to cdrom, or should I not worry so much about the reboot... (5 Replies)
Discussion started by: lcoreyl
5 Replies

9. Red Hat

Can all files under /tmp be safely removed

I wanted to know whether all files under /tmp can be safely removed. I guess that /tmp may also have temporary files for applications currently being worked on, so at the most those applications may just shut down. I hope that my question is clear whether all files under /tmp can be safely... (5 Replies)
Discussion started by: RHCE
5 Replies

LEARN ABOUT OPENSOLARIS

urandom

random(7D)							      Devices								random(7D)

NAME

       random, urandom - Strong random number generator device

SYNOPSIS

       /dev/random

       /dev/urandom

DESCRIPTION

       The /dev/random and /dev/urandom files are special files that are a source for random bytes generated by the kernel random number generator
       device. The /dev/random and /dev/urandom files are suitable for applications requiring high quality random numbers for  cryptographic  pur-
       poses.

       The  generator  device  produces  random  numbers from data and devices available to the kernel and estimates  the amount of randomness (or
       "entropy") collected from these sources. The entropy level determines the amount of high quality random numbers	that  are  produced  at  a
       given time.

       Applications  retrieve random bytes by reading /dev/random or /dev/urandom. The /dev/random interface returns random bytes only when suffi-
       cient amount of entropy has been collected. If there is no entropy to produce the requested number of bytes, /dev/random blocks until  more
       entropy	can  be  obtained.  Non-blocking  I/O  mode  can be used to disable the blocking behavior. The /dev/random interface also supports
       poll(2). Note that using poll(2) will not increase the speed at which random numbers can be read.

       Bytes retrieved from /dev/random provide the highest quality random numbers produced by the generator, and can be  used	to  generate  long
       term keys and other high value keying material.

       The  /dev/urandom interface returns bytes regardless of the amount of entropy available. It does not block on a read request due to lack of
       entropy. While bytes produced by the /dev/urandom interface are of lower quality than bytes produced by /dev/random, they  are  nonetheless
       suitable for less demanding and shorter term cryptographic uses such as short term session keys, paddings, and challenge strings.

       Data  can  be written to /dev/random and /dev/urandom. Data written to either special file is added to the generator's internal state. Data
       that is difficult to predict by other users may contribute randomness to the generator state and help improve the quality of future  gener-
       ated random numbers.

       /dev/random  collects  entropy from providers that are registered with the kernel-level cryptographic framework and implement random number
       generation routines. The cryptoadm(1M) utility allows an administrator to configure which providers will be used with /dev/random.

ERRORS

       EAGAIN	  O_NDELAY or O_NONBLOCK was set and no random bytes are available for reading from /dev/random.

       EINTR	  A signal was caught while reading and no data was		transferred.

       ENOXIO	  open(2) request failed on /dev/random because no entropy provider is available.

FILES

       /dev/random

       /dev/urandom

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     | SUNWcsr			   |
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       cryptoadm(1M), open(2), poll(2), attributes(5)

NOTES

       /dev/random can be configured to use only the hardware-based providers registered with the kernel-level	cryptographic  framework  by  dis-
       abling the software-based provider using cryptoadm(1M). You can also use cryptoadm(1M) to obtain the name of the software-based provider.

       Because	no  entropy  is  available, disabling all randomness providers causes read(2) and poll(2) on /dev/random to block indefinitely and
       results in a warning message being logged and displayed on the system console. However, read(2) and poll(2)  on	/dev/urandom  continue	to
       work in this case.

       An implementation of the /dev/random and /dev/urandom kernel-based random number generator first appeared in Linux 1.3.30.

       A /dev/random interface for Solaris first appeared as part of the CryptoRand implementation.

SunOS 5.11							    1 Sep 2008								random(7D)
All times are GMT -4. The time now is 05:04 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy