01-16-2014
Quote:
Originally Posted by
Rajesh_us
eval can be dangerous - Can you explain on this
See what happens if N1 had been set using
N1='$(echo *)' when you run that
eval command.
Then imagine what would happen if a malicious user changed
echo to
rm -rf when he/she provided the value to set N1.
This User Gave Thanks to Don Cragun For This Post:
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I have a script that I'm trying to shorten (below) by removing repetitive code.
if ]
then
commodity_ndm_done=Y
fi
if ]
then
customer_ndm_done=Y
fi
if ]
then
department_ndm_done=Y
fi
if ]
then
division_ndm_done=Y
fi (3 Replies)
Discussion started by: superdelic
3 Replies
2. Shell Programming and Scripting
I am writing a csh script and I need to echo a word that starts with $ and is not a variable. How do I do that? (3 Replies)
Discussion started by: oprestol
3 Replies
3. Shell Programming and Scripting
Hello,
FIRST QUESTION:
I am writing a script in which a query is taken at the beginning of the script to be later used at the end. In the query, variables are generated from a loop, and I would like to assign the variable NAME (not value) with an appended 1, 2, 3, 4.....n. The number of... (2 Replies)
Discussion started by: Allasso
2 Replies
4. Programming
Hello everybody,
I am having problem in converting byte array variables to Hexa String variables for Linux. I have done, converting byte array variables to Hexa String variables for Windows but same function doesn't work for linux. Is there any difference in OS ? The code for Windows is given... (2 Replies)
Discussion started by: ritesh_163
2 Replies
5. Shell Programming and Scripting
I can't for the love of me figure out how to work with double quotes and single quotes in variables in bash scripts. For instance, I added the following line to my .bash_aliases file:
WINDOWS="'/host/Documents and Settings/Solar Zenith/My Documents'";
I want this so that I can go straight to 'My... (2 Replies)
Discussion started by: solar zenith
2 Replies
6. Shell Programming and Scripting
I need to define a variable of variable. I'll try to explain it.
I've a list:
LIST="aaa bbb ccc"I need to do something like:
for word in LIST ;do
res_$word=`ls $word`
done
This doesn't work. Any idea?
Thanks (3 Replies)
Discussion started by: kekaes
3 Replies
7. Shell Programming and Scripting
Hi All,
i have a requirement where i have to run a script with at least 25 arguements and position of arguements can also change. the unapropriate way is like below. can we achieve this in more good and precise way??
#!/bin/ksh
##script is sample.ksh
age=$1
gender=$2
class=$3
.
.
.... (3 Replies)
Discussion started by: Lakshman_Gupta
3 Replies
8. Shell Programming and Scripting
Sometimes it is handy to protect long scripts in C++.
The following syntax works fine for simple commands:
#define SHELLSCRIPT1 "\
#/bin/bash \n\
echo \"hello\" \n\
"
int main ()
{
cout <<system(SHELLSCRIPT1);
return 0;
}
Unfortunately for there are problems for:
1d arrays:... (10 Replies)
Discussion started by: frad
10 Replies
9. Shell Programming and Scripting
Trying to do so
echo "111:222:333" |awk -F: '{system("export TESTO=" $2)}'But it doesn't work (2 Replies)
Discussion started by: urello
2 Replies
10. UNIX for Dummies Questions & Answers
Below are three variables, which I want to pass into variable RESULT1
username1=userid
poihostname1=dellsys.com
port1=8080
How can I pass these variables into below code...
RESULT1=$((ssh -n username1@poihostname1 time /usr/sfw/bin/wget --user=sam --password=123 -O /dev/null -q... (4 Replies)
Discussion started by: manohar2013
4 Replies
LEARN ABOUT MOJAVE
escape
escape(1) Mail Avenger 0.8.3 escape(1)
NAME
escape - escape shell special characters in a string
SYNOPSIS
escape string
DESCRIPTION
escape prepends a "" character to all shell special characters in string, making it safe to compose a shell command with the result.
EXAMPLES
The following is a contrived example showing how one can unintentionally end up executing the contents of a string:
$ var='; echo gotcha!'
$ eval echo hi $var
hi
gotcha!
$
Using escape, one can avoid executing the contents of $var:
$ eval echo hi `escape "$var"`
hi ; echo gotcha!
$
A less contrived example is passing arguments to Mail Avenger bodytest commands containing possibly unsafe environment variables. For
example, you might write a hypothetical reject_bcc script to reject mail not explicitly addressed to the recipient:
#!/bin/sh
formail -x to -x cc -x resent-to -x resent-cc
| fgrep "$1" > /dev/null
&& exit 0
echo "<$1>.. address does not accept blind carbon copies"
exit 100
To invoke this script, passing it the recipient address as an argument, you would need to put the following in your Mail Avenger rcpt
script:
bodytest reject_bcc `escape "$RECIPIENT"`
SEE ALSO
avenger(1),
The Mail Avenger home page: <http://www.mailavenger.org/>.
BUGS
escape is designed for the Bourne shell, which is what Mail Avenger scripts use. escape might or might not work with other shells.
AUTHOR
David Mazieres
Mail Avenger 0.8.3 2012-04-05 escape(1)