11-30-2012
Quote:
Originally Posted by
sudon't
Ok, I kinda get that it might be about having executables in permissions protected directories, but if all you need to do is use the absolute pathname, it doesn't seem like much security.
You're missing the point. If you just type 'mycommand' and hit enter, you won't run something that's been maliciously dumped in a local directory by accident.
You can still do so with ./ but it will be hard to claim you did so by accident.
This User Gave Thanks to Corona688 For This Post:
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
How can I get the results of a find back without the pathname
for example if i do
find ../../ -name \*.sql
i dont want to see
directory/directory/filename.sql
I only want to see filename.sql (3 Replies)
Discussion started by: MBGPS
3 Replies
2. Shell Programming and Scripting
With C Shell you can get the root, head, tail and extension of a pathname by using pathname variable modifiers.
Example Script:
#! /bin/csh
set pathvar=/home/WSJ091305.txt
echo $pathvar:r
echo $pathvar:h
echo $pathvar:t
echo $pathvar:e
The result of executing this script is:
... (7 Replies)
Discussion started by: BCarlson
7 Replies
3. UNIX for Advanced & Expert Users
Hi All,
We use tomcat web server and it will get terminated with below error:
connection to localhost:10.0 host broken (explicit kill or server shutdown)
Please let me know how to fix this error. (5 Replies)
Discussion started by: bache_gowda
5 Replies
4. UNIX for Dummies Questions & Answers
Hi
Could someone help me?
I'm not sure how to find the full pathname of a directory.
I just want to be able to specify a directory.
e.g
directory1/directory2/directory3/directory4/directory5
I want to be able to put in "directory5"
and then i want a return of the full address.
... (3 Replies)
Discussion started by: shomila_a
3 Replies
5. Cybersecurity
I'm running IPF on solaris 10
bash-3.00# ipf -V #display ipf version
ipf: IP Filter: v4.1.9 (592)
Kernel: IP Filter: v4.1.9
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1
Feature mask: 0x107
with the following rules
bash-3.00# ipfstat -o -i... (0 Replies)
Discussion started by: h@foorsa.biz
0 Replies
6. AIX
I want to run applet on AIX 6 machine.
I already have setup $DISPLAY variable for putty session by selecting X11 option.
I got below error for any X related commands (xclock, X, applet viewer )
X connection to localhost:10.0 broken (explicit kill or server shutdown). Please can anyone... (0 Replies)
Discussion started by: kailas.girase
0 Replies
7. Shell Programming and Scripting
I have executed the below perl script for copying the file from one server to another server using scp.
#!/usr/bin/perl -w
use Net::SCP::Expect;
use strict;
$server= "x.x.x.x";
my $source = "/mypath/mypath";
my $destination = "/home/";
print "Login...Starting scp...";
$user="admin";... (1 Reply)
Discussion started by: scriptscript
1 Replies
8. Shell Programming and Scripting
Hello,
I use the following SSH script to upload *.jpg files via FTP:
#!/usr/bin/expect
set timeout -1
spawn ftp -v -i
expect ""
send "\r"
expect "Password:"
send "\r"
expect "ftp>"
send "mput *.jpg\r"
expect "ftp>"
send "quit\r"
replaced with actual ftp server/account data.
... (5 Replies)
Discussion started by: mrpi007
5 Replies
9. IP Networking
Add explicit route to 10.128.255.41/32 , gateway: 10.128.201.254
if not working, please try gateway through management port: 10.128.55.254
Just want to double confirm if this would be the correct command
#route add -net 10.128.255.41/32 10.128.201.254
And if didnt work
#route add... (1 Reply)
Discussion started by: Thilagarajan
1 Replies
LEARN ABOUT DEBIAN
shell-quote
SHELL-QUOTE(1p) User Contributed Perl Documentation SHELL-QUOTE(1p)
NAME
shell-quote - quote arguments for safe use, unmodified in a shell command
SYNOPSIS
shell-quote [switch]... arg...
DESCRIPTION
shell-quote lets you pass arbitrary strings through the shell so that they won't be changed by the shell. This lets you process commands
or files with embedded white space or shell globbing characters safely. Here are a few examples.
EXAMPLES
ssh preserving args
When running a remote command with ssh, ssh doesn't preserve the separate arguments it receives. It just joins them with spaces and
passes them to "$SHELL -c". This doesn't work as intended:
ssh host touch 'hi there' # fails
It creates 2 files, hi and there. Instead, do this:
cmd=`shell-quote touch 'hi there'`
ssh host "$cmd"
This gives you just 1 file, hi there.
process find output
It's not ordinarily possible to process an arbitrary list of files output by find with a shell script. Anything you put in $IFS to
split up the output could legitimately be in a file's name. Here's how you can do it using shell-quote:
eval set -- `find -type f -print0 | xargs -0 shell-quote --`
debug shell scripts
shell-quote is better than echo for debugging shell scripts.
debug() {
[ -z "$debug" ] || shell-quote "debug:" "$@"
}
With echo you can't tell the difference between "debug 'foo bar'" and "debug foo bar", but with shell-quote you can.
save a command for later
shell-quote can be used to build up a shell command to run later. Say you want the user to be able to give you switches for a command
you're going to run. If you don't want the switches to be re-evaluated by the shell (which is usually a good idea, else there are
things the user can't pass through), you can do something like this:
user_switches=
while [ $# != 0 ]
do
case x$1 in
x--pass-through)
[ $# -gt 1 ] || die "need an argument for $1"
user_switches="$user_switches "`shell-quote -- "$2"`
shift;;
# process other switches
esac
shift
done
# later
eval "shell-quote some-command $user_switches my args"
OPTIONS
--debug
Turn debugging on.
--help
Show the usage message and die.
--version
Show the version number and exit.
AVAILABILITY
The code is licensed under the GNU GPL. Check http://www.argon.org/~roderick/ or CPAN for updated versions.
AUTHOR
Roderick Schertler <roderick@argon.org>
perl v5.8.4 2005-05-03 SHELL-QUOTE(1p)