Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Safely parsing parameters
Top Forums Shell Programming and Scripting Safely parsing parameters Post 302405346 by drewk on Thursday 18th of March 2010 03:07:47 PM
Old 03-18-2010
If you you run your parameters through awk or perl, you can also break them apart if you do not want to use eval.

Code:
perl -nle 'BEGIN {map {print} @ARGV; exit;}' root=/dev/sda3 noacpi foo "Baz mumble" `echo muahahahaha >&2`
muahahahaha
root=/dev/sda3
noacpi
foo
Baz mumble

Note that the backticks you used in your example are being executed prior to being fed to the perl script. Whatever the user can execute using backticks on your command line, he would have the privileges to execute directly before he executed your script.

The security "hole" only exists if you elevate privileges in your script and then have a way to execute arbitrary code, no?

If you are still concerned, perl or awk can split arbitrary strings just like the shell inside of the interpreter, but this is not entirely trivial.

You would just need to decide which expansions you would want to support and which not:

Shell Expansions - Bash Reference Manual
 

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Parsing Parameters

How do you pass parameters over to another script and run the receiving script? . Here is an example of what I am talking about. for x in `cat Allx` do su myaccount -c "/temp/scripts/temp_script $x" > /dev/null 2>$1 $ done I was expecting the tem_script to be... (1 Reply)
Discussion started by: odogbolu98
1 Replies

2. Shell Programming and Scripting

Help with parsing parameters

Hi:- I need to parse a script 3 parameters (file, subject and email address). This is what I currently have: allargs=$* argcount=`echo $allargs | awk -F: '{ print NF }' ` # Total Number of arguments pdffile=`echo $allargs | awk -F: '{ print $1 }' ` # PDF/binary file to be encoded... (4 Replies)
Discussion started by: janet
4 Replies

3. UNIX for Advanced & Expert Users

Can I safely kill vdump?

Sceduled backups with vdump have been delayed as a mounted system had crashed while I was away for 2 weeks. Now there are 5 simultaneous vdumps running very slowly. The full system backup usually takes a whole weekend. Can I safely kill these? (I will have to live without a backup untill next... (4 Replies)
Discussion started by: nickt
4 Replies

4. Shell Programming and Scripting

Help parsing job script input parameters

I have a job script that runs with input parms from the command line. job.sh -p parm1_parm2_parm3_parm4_file_1.dat The parms are separated by _ The last parm is a file name and can have an _ in the name. I currently use the following commands to extract the parms parm1=`eval echo... (3 Replies)
Discussion started by: jclanc8
3 Replies

5. Shell Programming and Scripting

How to safely rm/mv files/directory

Hi all, Am writing a script that does a rm/mv if a file exist, however, in one scenario, one of the variables which is supposed to a variable for a directory is undefined/blank so instead of the variable resolving to /tmp/logfile.dmp, it resolves instead to / so the rm translates to a rm /... (2 Replies)
Discussion started by: newbie_01
2 Replies

6. Programming

Value changed when parsing parameters

I get a strange problem here, and ask for help. (gdb) 28 set_file_bit( file, bytePos, bitPos, argv ); (gdb) p argv $3 = 0xbfffef5c "00" (gdb) s set_file_bit (file=0x804b008, bytePos=2, bitPos=2, binary=0x80490e5 "11") at util/file.c:112 ... (2 Replies)
Discussion started by: 915086731
2 Replies

7. Solaris

How to remove soft link safely

Greetings, I need some help performing a system admin function that I have been tasked with. The request seems simple enough, but my feeling is that it might be more complicated than it seems. Here is what i've been tasked with: SunOS 5.10 Generic_142900-15 sun4u sparc SUNW,SPARC-Enterprise... (3 Replies)
Discussion started by: Harleyrci
3 Replies

8. Solaris

need to safely reboot to cdrom

I am using: reboot -- cdrom However I'm afraid of causing file system errors/corruption. I've seen many threads say that init 6 is safer, but I need to get to CDROM. Is there a command that is as safe as init, but can boot to cdrom, or should I not worry so much about the reboot... (5 Replies)
Discussion started by: lcoreyl
5 Replies

9. Red Hat

Can all files under /tmp be safely removed

I wanted to know whether all files under /tmp can be safely removed. I guess that /tmp may also have temporary files for applications currently being worked on, so at the most those applications may just shut down. I hope that my question is clear whether all files under /tmp can be safely... (5 Replies)
Discussion started by: RHCE
5 Replies

LEARN ABOUT DEBIAN

bup-margin

bup-margin(1)						      General Commands Manual						     bup-margin(1)

NAME

       bup-margin - figure out your deduplication safety margin

SYNOPSIS

       bup margin [options...]

DESCRIPTION

       bup margin  iterates  through  all  objects  in	your  bup repository, calculating the largest number of prefix bits shared between any two
       entries.  This number, n, identifies the longest subset of SHA-1 you could use and still encounter a collision between your object ids.

       For example, one system that was tested had a collection of 11 million objects (70 GB), and bup margin returned 45.  That  means  a  46-bit
       hash  would be sufficient to avoid all collisions among that set of objects; each object in that repository could be uniquely identified by
       its first 46 bits.

       The number of bits needed seems to increase by about 1 or 2 for every doubling of the number of objects.  Since SHA-1 hashes have 160 bits,
       that  leaves 115 bits of margin.  Of course, because SHA-1 hashes are essentially random, it's theoretically possible to use many more bits
       with far fewer objects.

       If you're paranoid about the possibility of SHA-1 collisions, you can monitor your repository by running bup margin occasionally to see	if
       you're getting dangerously close to 160 bits.

OPTIONS

       --predict
	      Guess  the offset into each index file where a particular object will appear, and report the maximum deviation of the correct answer
	      from the guess.  This is potentially useful for tuning an interpolation search algorithm.

       --ignore-midx
	      don't use .midx files, use only .idx files.  This is only really useful when used with --predict.

EXAMPLE

	      $ bup margin
	      Reading indexes: 100.00% (1612581/1612581), done.
	      40
	      40 matching prefix bits
	      1.94 bits per doubling
	      120 bits (61.86 doublings) remaining
	      4.19338e+18 times larger is possible

	      Everyone on earth could have 625878182 data sets
	      like yours, all in one repository, and we would
	      expect 1 object collision.

	      $ bup margin --predict
	      PackIdxList: using 1 index.
	      Reading indexes: 100.00% (1612581/1612581), done.
	      915 of 1612581 (0.057%)

SEE ALSO

       bup-midx(1), bup-save(1)

BUP

       Part of the bup(1) suite.

AUTHORS

       Avery Pennarun <apenwarr@gmail.com>.

Bup unknown-															     bup-margin(1)
All times are GMT -4. The time now is 03:13 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy