Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Passing varibles as a string argument ?
Top Forums Shell Programming and Scripting Passing varibles as a string argument ? Post 302575200 by secops on Monday 21st of November 2011 12:15:54 AM
Old 11-21-2011
Quote:
Originally Posted by mirni
Although this construct will work, I would like to suggest you redesign the script. The reason is security vulnerability that you are implicitly building into it. What if the user runs the script with "./test.sh rm -r /" (don't run this!)? Your script would execute that command obediently.
You'd be better off to stay away from 'eval', if you cannot have total control of the argument of 'eval'. In other words, invoking eval on a user-defined input can be dangerous.

You might want to hard-code the command into your script, and then just pass the argument to it, something like:

Code:
#!/bin/bash
arg=$1
#do whatever
echo $arg

and then call the script with
Code:
./test.sh "$var"

If you can show us a bigger picture of what you are trying to accomplish, we could suggest a better way to implement it.
Thanks for pointing that out.

If the user tried to delete the root directory, wouldn't it stop them because they aren't root?

Basically, I've made a bash script that runs commands passed to it on multiple devices.

Then, for scheduled tasks, I'm having the script be called with commands and variables to facilitate easier management.

The tricky part is making it so a user can do something like ./send-commands devicelist "ssh $username@$device" which I've fixed using the eval method.
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Problem with Argument Passing

Greetings, I am wrapping the monitoring commands like vmstat, sar, iostat and call via arguments I want ./unix_stats.sh -v vmstat -p <SEC> -d <Duration> to give vmstat values, and similarly iostat etc.,. Also if I give ./unix_stats.sh -v vmstat -i iostat -p <SEC> -d <Duration> should give... (4 Replies)
Discussion started by: A_Rod
4 Replies

2. Shell Programming and Scripting

Argument passing using for or while loop

Hi All, My query is as below: Am basically writing a parser script. My input file has got some variables which are populated by the calling program. callig program: fun1("cat","dog","cow") input.* argument first argument second I want to write a script that should give me... (4 Replies)
Discussion started by: jisha
4 Replies

3. Shell Programming and Scripting

passing Argument

Hi All, i have script like below.. echo "1) first option" echo "" echo "2) second option" echo "" echo "*) please enter the correct option" read select case $select in 1) echo "first option selected" ;; 2) echo "second option selected" ;; *) echo "please enter the correct... (4 Replies)
Discussion started by: Shahul
4 Replies

4. Shell Programming and Scripting

Passing argument to nawk

Hi all I have got a file digits.data containing the following data 1 3 4 2 4 9 7 3 1 7 3 10 I am writing a script that will pass an argument from C-shell to nawk command. But it seems the values in the nawk comman does not get set. the program does not print no values out. Here is the... (2 Replies)
Discussion started by: ganiel24
2 Replies

5. Programming

Passing argument to command in C

Hello all, New to C and I'm trying to write a program which can run a unix command. Would like to have the option of giving the user the ability to enter arguments e.g for "ls" be able to run "ls -l". I would appreciate any help. Thanks #include <stdio.h> #include <unistd.h> #include... (3 Replies)
Discussion started by: effizy
3 Replies

6. Shell Programming and Scripting

Passing user argument

Hi all: I'm trying to pass an argument to a command but it's being difficult. #!/bin/bash set -xv if ; then echo "More than 1 argument entered" echo "Please enter a month using 3 character names, ie, Jan, Mar, Apr, Dec" && exit 1 fi if ; then echo "Please enter a month using... (2 Replies)
Discussion started by: raggmopp
2 Replies

7. Shell Programming and Scripting

Help with passing argument

Hi, I have a script that is scheduled with cron and runs every night. The cron part looks like this: 00 20 * * 0,1,2,3,4,5,6 /usr/local/bin/BACKUP TBTARM HOT DELETE My issue is with the 3rd parameter. Somewhere in the script, i want to tell the script to delete some files if the 3rd... (7 Replies)
Discussion started by: dollypee
7 Replies

8. Shell Programming and Scripting

Argument passing

How to pass the alphabet character as a argument in case and in if block? ex: c=$1 if a-z ]] then echo "alphabet" case $1 in a-z) echo "the value is a alphabet" edit by bakunin: please use CODE-tags. We REALLY mean it. (9 Replies)
Discussion started by: Roozo
9 Replies

9. UNIX for Advanced & Expert Users

Passing resulted string name of a gzipped file as an argument to another piped tool

Hi, I have a .pcap.gz file and I would like to initially gzip it and then pass the resulting .pcap filename as an argument to a piped tool; the right-hand tool is not standardized linux tool but a custom one that strictly requires the string name of a given .pcap file in order for the pcap file... (2 Replies)
Discussion started by: amarn
2 Replies

10. UNIX for Beginners Questions & Answers

Passing a second argument

I am trying to pass a second argument like so: if ] then export ARG2=$2 else message "Second argument not specified: USAGE - $PROGRAM_NAME ARG1 ARG2" checkerror -e 2 -m "Please specify if it is a history or weekly (H or W) extract in the 2nd argument" fi however, it always goes... (4 Replies)
Discussion started by: MIA651
4 Replies

LEARN ABOUT PHP

setuid

SETUID(1)						      General Commands Manual							 SETUID(1)

NAME

       setuid - run a command with a different uid.

SYNOPSIS

       setuid username|uid   command [ args ]

DESCRIPTION

       Setuid  changes	user id, then executes the specified command.  Unlike some versions of su(1), this program doesn't ever ask for a password
       when executed with effective uid=root.  This program doesn't change the environment; it only changes the uid and then uses execvp() to find
       the command in the path, and execute it.  (If the command is a script, execvp() passes the command name to /bin/sh for processing.)

       For example,
	      setuid  some_user  $SHELL
       can be used to start a shell running as another user.

       Setuid  is  useful  inside  scripts that are being run by a setuid-root user -- such as a script invoked with super, so that the script can
       execute some commands using the uid of the original user, instead of root.  This allows unsafe commands (such as editors and pagers) to	be
       used  in  a  non-root  mode inside a super script.  For example, an operator with permission to modify a certain protected_file could use a
       super command that simply does:
	      cp protected_file temp_file
	      setuid $ORIG_USER ${EDITOR:-/bin/vi} temp_file
	      cp temp_file protected_file
       (Note: don't use this example directly.	If the temp_file can somehow be replaced by another user, as might be the case if it's kept  in  a
       temporary  directory,  there  will  be a race condition in the time between editing the temporary file and copying it back to the protected
       file.)

AUTHOR

       Will Deich

								       local								 SETUID(1)
All times are GMT -4. The time now is 06:59 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy