Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Safely parsing parameters
Top Forums Shell Programming and Scripting Safely parsing parameters Post 302403147 by cfajohnson on Thursday 11th of March 2010 04:00:05 PM
Old 03-11-2010
Quote:
Originally Posted by Corona688
There's plenty wrong with using eval.

Code:
$ string='root=/dev/sda3 noacpi foo "Baz mumble" `echo muahahahaha >&2`'
$ eval "set -- $string"
muahahahaha
$

Now imagine if someone fed it `find /dev -type b -exec dd if=/dev/urandom of={}`.

I don't want my strings to be able to execute arbitrary code like this.

If you put that into the string variable and execute the line I posted, nothing will happen other than the tokens being placed into the positional parameters. The code in $string will not be executed.

Code:
$ string='find /dev -type b -exec dd if=/dev/urandom of={}'
$ eval "set -- $string"
$ printf "%s\n" "$@"
find
/dev
-type
b
-exec
dd
if=/dev/urandom
of={}

There are no ill effects.
 

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Parsing Parameters

How do you pass parameters over to another script and run the receiving script? . Here is an example of what I am talking about. for x in `cat Allx` do su myaccount -c "/temp/scripts/temp_script $x" > /dev/null 2>$1 $ done I was expecting the tem_script to be... (1 Reply)
Discussion started by: odogbolu98
1 Replies

2. Shell Programming and Scripting

Help with parsing parameters

Hi:- I need to parse a script 3 parameters (file, subject and email address). This is what I currently have: allargs=$* argcount=`echo $allargs | awk -F: '{ print NF }' ` # Total Number of arguments pdffile=`echo $allargs | awk -F: '{ print $1 }' ` # PDF/binary file to be encoded... (4 Replies)
Discussion started by: janet
4 Replies

3. UNIX for Advanced & Expert Users

Can I safely kill vdump?

Sceduled backups with vdump have been delayed as a mounted system had crashed while I was away for 2 weeks. Now there are 5 simultaneous vdumps running very slowly. The full system backup usually takes a whole weekend. Can I safely kill these? (I will have to live without a backup untill next... (4 Replies)
Discussion started by: nickt
4 Replies

4. Shell Programming and Scripting

Help parsing job script input parameters

I have a job script that runs with input parms from the command line. job.sh -p parm1_parm2_parm3_parm4_file_1.dat The parms are separated by _ The last parm is a file name and can have an _ in the name. I currently use the following commands to extract the parms parm1=`eval echo... (3 Replies)
Discussion started by: jclanc8
3 Replies

5. Shell Programming and Scripting

How to safely rm/mv files/directory

Hi all, Am writing a script that does a rm/mv if a file exist, however, in one scenario, one of the variables which is supposed to a variable for a directory is undefined/blank so instead of the variable resolving to /tmp/logfile.dmp, it resolves instead to / so the rm translates to a rm /... (2 Replies)
Discussion started by: newbie_01
2 Replies

6. Programming

Value changed when parsing parameters

I get a strange problem here, and ask for help. (gdb) 28 set_file_bit( file, bytePos, bitPos, argv ); (gdb) p argv $3 = 0xbfffef5c "00" (gdb) s set_file_bit (file=0x804b008, bytePos=2, bitPos=2, binary=0x80490e5 "11") at util/file.c:112 ... (2 Replies)
Discussion started by: 915086731
2 Replies

7. Solaris

How to remove soft link safely

Greetings, I need some help performing a system admin function that I have been tasked with. The request seems simple enough, but my feeling is that it might be more complicated than it seems. Here is what i've been tasked with: SunOS 5.10 Generic_142900-15 sun4u sparc SUNW,SPARC-Enterprise... (3 Replies)
Discussion started by: Harleyrci
3 Replies

8. Solaris

need to safely reboot to cdrom

I am using: reboot -- cdrom However I'm afraid of causing file system errors/corruption. I've seen many threads say that init 6 is safer, but I need to get to CDROM. Is there a command that is as safe as init, but can boot to cdrom, or should I not worry so much about the reboot... (5 Replies)
Discussion started by: lcoreyl
5 Replies

9. Red Hat

Can all files under /tmp be safely removed

I wanted to know whether all files under /tmp can be safely removed. I guess that /tmp may also have temporary files for applications currently being worked on, so at the most those applications may just shut down. I hope that my question is clear whether all files under /tmp can be safely... (5 Replies)
Discussion started by: RHCE
5 Replies

LEARN ABOUT SUSE

mcookie

MCOOKIE(1)						     Linux Programmer's Manual							MCOOKIE(1)

NAME

       mcookie - generate magic cookies for xauth

SYNOPSIS

       mcookie [-v] [-f filename]

DESCRIPTION

       mcookie generates a 128-bit random hexadecimal number for use with the X authority system.  Typical usage:
	      xauth add :0 . `mcookie`

       The  "random"  number generated is actually the output of the MD5 message digest fed with various pieces of random information: the current
       time, the process id, the parent process id, the contents of an input file (if -f is specified), and several bytes of information from  the
       first of the following devices which is present: /dev/random, /dev/urandom, files in /proc, /dev/audio.

BUGS

       The entropy in the generated 128-bit is probably quite small (and, therefore, vulnerable to attack) unless a non-pseudorandom number gener-
       ator is used (e.g., /dev/random under Linux).

       It is assumed that none of the devices opened will block.

FILES

       /dev/random
       /dev/urandom
       /dev/audio
       /proc/stat
       /proc/loadavg

SEE ALSO

       X(1), xauth(1), md5sum(1)

AVAILABILITY

       The mcookie command is part of the util-linux-ng package and is available from ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/.

								 25 September 1995							MCOOKIE(1)
All times are GMT -4. The time now is 02:31 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy