If you run your parameters through awk or perl, you can also break them apart if you do not want to use eval.
Note that the backticks you used in your example are being executed prior to being fed to the perl script. Whatever the user can execute using backticks on your command line, he would have the privileges to execute directly before he executed your script.
The security "hole" only exists if you elevate privileges in your script and then have a way to execute arbitrary code, no?
If you are still concerned, perl or awk can split arbitrary strings just like the shell inside of the interpreter, but this is not entirely trivial.
You would just need to decide which expansions you would want to support and which not:
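As an added example (not part of the original reply), here is one way to split a parameter string in awk without `eval`. The helper name `split_words` and the set of supported syntax (quotes and backslash escapes, with no variable, command or glob expansion) are assumptions chosen for illustration, and the input is assumed to be a single line.

```shell
#!/bin/sh
# split_words STRING  (hypothetical helper, not from the thread)
# Prints one word per line. Supported: whitespace splitting, single quotes,
# double quotes, backslash escapes. Unsupported on purpose: $var, $(cmd),
# backtick substitution and globs, so nothing in STRING is ever executed.
split_words() {
    printf '%s\n' "$1" | awk '
    {
        n = length($0); word = ""; inword = 0; q = ""; out = ""
        for (i = 1; i <= n; i++) {
            c = substr($0, i, 1)
            if (q == "\047") {                  # inside single quotes: all literal
                if (c == "\047") { q = "" } else { word = word c }
            } else if (q == "\"") {             # inside double quotes
                if (c == "\"") {
                    q = ""
                } else if (c == "\\" && i < n) {
                    i++; word = word substr($0, i, 1)
                } else {
                    word = word c
                }
            } else if (c == "\047" || c == "\"") {
                q = c; inword = 1               # an opening quote starts a word
            } else if (c == "\\" && i < n) {
                i++; word = word substr($0, i, 1); inword = 1
            } else if (c == " " || c == "\t") {
                if (inword) { out = out word "\n"; word = ""; inword = 0 }
            } else {
                word = word c; inword = 1       # $ and backtick are plain characters
            }
        }
        if (q != "") {
            print "split_words: unterminated quote" > "/dev/stderr"
            exit 1
        }
        if (inword) out = out word "\n"
        printf "%s", out                        # emit only after the whole string parsed
    }'
}

# Constructed sample input: -p 'my file.dat' "$(id)" `date` a\ b
sample="-p 'my file.dat' \"\$(id)\" \`date\` a\\ b"
split_words "$sample"
```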
How do you pass parameters over to another script and run the receiving script?
Here is an example of what I am talking about.
for x in `cat Allx`
do
su myaccount -c "/temp/scripts/temp_script $x" > /dev/null 2>$1 $
done
I was expecting the tem_script to be... (1 Reply)
Hi:- I need to parse a script 3 parameters (file, subject and email address). This is what I currently have:
allargs=$*
argcount=`echo $allargs | awk -F: '{ print NF }' ` # Total Number of arguments
pdffile=`echo $allargs | awk -F: '{ print $1 }' ` # PDF/binary file to be encoded... (4 Replies)
Scheduled backups with vdump have been delayed as a mounted system had crashed while I was away for 2 weeks. Now there are 5 simultaneous vdumps running very slowly. The full system backup usually takes a whole weekend.
Can I safely kill these? (I will have to live without a backup until next... (4 Replies)
I have a job script that runs with input parms from the command line.
job.sh -p parm1_parm2_parm3_parm4_file_1.dat
The parms are separated by _
The last parm is a file name and can have an _ in the name.
I currently use the following commands to extract the parms
parm1=`eval echo... (3 Replies)
Hi all,
Am writing a script that does a rm/mv if a file exists, however, in one scenario, one of the variables which is supposed to be a variable for a directory is undefined/blank so instead of the variable resolving to /tmp/logfile.dmp, it resolves instead to / so the rm translates to a rm /... (2 Replies)
I get a strange problem here, and ask for help.
(gdb)
28 set_file_bit( file, bytePos, bitPos, argv );
(gdb) p argv
$3 = 0xbfffef5c "00"
(gdb) s
set_file_bit (file=0x804b008, bytePos=2, bitPos=2, binary=0x80490e5 "11") at util/file.c:112
... (2 Replies)
Greetings,
I need some help performing a system admin function that I have been tasked with. The request seems simple enough, but my feeling is that it might be more complicated than it seems.
Here is what I've been tasked with:
SunOS 5.10 Generic_142900-15 sun4u sparc SUNW,SPARC-Enterprise... (3 Replies)
I am using:
reboot -- cdrom
However I'm afraid of causing file system errors/corruption. I've seen many threads say that
init 6
is safer, but I need to get to CDROM.
Is there a command that is as safe as init, but can boot to cdrom, or should I not worry so much about the reboot... (5 Replies)
I wanted to know whether all files under /tmp can be safely removed. I guess that /tmp may also have temporary files for applications currently being worked on, so at the most those applications may just shut down.
I hope that my question is clear whether all files under /tmp can be safely... (5 Replies)