Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Safe way to eval variable declarations?
Top Forums Shell Programming and Scripting Safe way to eval variable declarations? Post 302910163 by jim mcnamara on Tuesday 22nd of July 2014 09:32:09 PM
Old 07-22-2014
The only safe way for an open entry point into your code is to state and then test ONLY what you will allow.
Blocking what you will not allow is impossible, logically, because the number of wrong or potentially bad inputs is infinite.

Create a list of what is allowed. Check to see that your entry is in there:
Simple minded example, /etc/passwd is the list of allowed users and has : as a field separator; username is field #1, hence the printf format "%s:"
Code:
testvar=$(printf "%s:" $user)
grep -Fq "$testvar" /etc/passwd
[ $? -ne 0 ] && exit 1

 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

eval a variable that has a .

Hi, Is there any way that I can eval the following - eval abc.csv=def.csv I am getting the - bash: command not found error. thanks. (3 Replies)
Discussion started by: ttshell
3 Replies

2. Shell Programming and Scripting

How to assign eval value as Variable..

Im facing problem in assigning value of eval array variable as normal variable.. x=0 eval DATA${x}="FJSVcpcu" x=`expr $x + 1` eval DATA${x}="FJSVcsr" if x=0, type -> eval echo \$DATA$x , its give me FJSVcpcu i want assign this value into an variable as variable=`eval echo... (3 Replies)
Discussion started by: neruppu
3 Replies

3. Shell Programming and Scripting

bin/sh eval variable assignment

Why can't I do this? eval "TEST=5;echo $TEST;"; THIS WORKS!! TEST=5;echo $TEST; (2 Replies)
Discussion started by: blasto333
2 Replies

4. Shell Programming and Scripting

Passing eval value to a variable

Hello, I have a script that does an scp to a server and then gets the number of process running on that server, the o/P should be stored in a variable for further processing eval `echo "ssh -q $Infa_user@$host 'csh -c $CMD '"` where CMD="ps -ef | grep -i ${INFA_REPO} | grep -v grep | wc... (2 Replies)
Discussion started by: amit1_x
2 Replies

5. Shell Programming and Scripting

Help with eval usage for string containing Environment Variable

Help !! First, Thanks in Advance Here is what I have I have an environment Variable, let's call it v_VALUE. v_VALUE="\$ORACLE_HOME/bin" Hence, the location is ORACLE_HOME is not evaluated. ORACLE_HOME happens to be /app/oracle/product/10.1.2 I need a method of returning the... (1 Reply)
Discussion started by: dhangliter
1 Replies

6. Shell Programming and Scripting

eval and variable assignment

Hi, i have an issue with eval and variable assignment. 1) i have a date value in a variable and that date is part of a filename, var1=20100331 file1=${var1}-D1-0092.xml.zip file2=${var2}-D2-0092.xml.zip file3=${var3}-D3-0092.xml.zip i am passing the above variables to a script via... (11 Replies)
Discussion started by: mohanpadamata
11 Replies

7. Shell Programming and Scripting

assignment to variable from eval command

Hi Gurus, I am having 2 parameters as below parm1=value1 parm2=parm1 I want to evaluate parm1 value using eval echo \$$parm2 and later i want to assign this value to other variable which i will be using in if statement like : if ]; then do this....... fi could you please suggest... (5 Replies)
Discussion started by: k_vikash
5 Replies

8. UNIX for Advanced & Expert Users

Variable assignments specified with eval shell built-in

According to the POSIX specifications eval is a special shell built-in, which should imply that variable assignments specified together with it should remain in effect after the built-in completes. Thus one would expect IFS to be changed after this: var=$'a\nb c' $ IFS=$'\n' eval ' for i in... (4 Replies)
Discussion started by: Scrutinizer
4 Replies

9. Shell Programming and Scripting

assign multiple rows value to a variable using eval

background : Solaris, ksh metresult="ooo > pp" ts=89 eval append_${ts}="$metresult" bash: pp: command not found I want to create a variable which has in a part of its name a dynamically-established number (stored in another variable) usually I do this with eval command. The problem I... (5 Replies)
Discussion started by: black_fender
5 Replies

10. Shell Programming and Scripting

'eval' used in variable assignment

pattern1=book { x=1 eval echo \$pattern$x } book (this is the output) But when I assign a variable to the output of the eval it doesn't work unless I prefix 2 times backslash before $ as shown below. { a=`eval echo \\$pattern$x` echo $a } book Why here twice "\" has to be... (3 Replies)
Discussion started by: ravisingh
3 Replies

LEARN ABOUT DEBIAN

partimaged-passwd

partimaged-passwd(8)				       Partition Image Server Configuration				      partimaged-passwd(8)

NAME

       partimaged-passwd - Manage partimaged user accounts

SYNTAX

       partimaged-passwd [-Dhl] username password
       partimaged-passwd [-Dhl] username

DESCRIPTION

       partimaged can either authenticate against local user accounts (This needs access to /etc/shadow. As this is a potential security risk this
       method is not recommended) or its own password database in /etc/partimaged/passwd.db. To simplify the management  of  the  partimaged  user
       database  this tool was written. It allows to easily add and remove users or list the users in the database. All users in this database are
       allowed to access the partimaged server.

OPTIONS

       -D username
	      Delete the specified user from the password file.

       -l     List users in password file and exit.

       -h     Output help information and exit.

FILES

       /etc/partimaged/passwd.db

AUTHORS

       Michael Biebl <biebl@debian.org>

SEE ALSO

       partimaged(8), partimagedusers(5), partimage(1)

Michael Biebl <;biebl@teco.edu>						0.1						      partimaged-passwd(8)
All times are GMT -4. The time now is 12:48 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy