Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Safe way to eval variable declarations?
Top Forums Shell Programming and Scripting Safe way to eval variable declarations? Post 302910163 by jim mcnamara on Tuesday 22nd of July 2014 09:32:09 PM
Old 07-22-2014
The only safe way for an open entry point into your code is to state and then test ONLY what you will allow.
Blocking what you will not allow is impossible, logically, because the number of wrong or potentially bad inputs is infinite.

Create a list of what is allowed. Check to see that your entry is in there:
Simple minded example, /etc/passwd is the list of allowed users and has : as a field separator; username is field #1, hence the printf format "%s:"
Code:
testvar=$(printf "%s:" $user)
grep -Fq "$testvar" /etc/passwd
[ $? -ne 0 ] && exit 1

 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

eval a variable that has a .

Hi, Is there any way that I can eval the following - eval abc.csv=def.csv I am getting the - bash: command not found error. thanks. (3 Replies)
Discussion started by: ttshell
3 Replies

2. Shell Programming and Scripting

How to assign eval value as Variable..

Im facing problem in assigning value of eval array variable as normal variable.. x=0 eval DATA${x}="FJSVcpcu" x=`expr $x + 1` eval DATA${x}="FJSVcsr" if x=0, type -> eval echo \$DATA$x , its give me FJSVcpcu i want assign this value into an variable as variable=`eval echo... (3 Replies)
Discussion started by: neruppu
3 Replies

3. Shell Programming and Scripting

bin/sh eval variable assignment

Why can't I do this? eval "TEST=5;echo $TEST;"; THIS WORKS!! TEST=5;echo $TEST; (2 Replies)
Discussion started by: blasto333
2 Replies

4. Shell Programming and Scripting

Passing eval value to a variable

Hello, I have a script that does an scp to a server and then gets the number of process running on that server, the o/P should be stored in a variable for further processing eval `echo "ssh -q $Infa_user@$host 'csh -c $CMD '"` where CMD="ps -ef | grep -i ${INFA_REPO} | grep -v grep | wc... (2 Replies)
Discussion started by: amit1_x
2 Replies

5. Shell Programming and Scripting

Help with eval usage for string containing Environment Variable

Help !! First, Thanks in Advance Here is what I have I have an environment Variable, let's call it v_VALUE. v_VALUE="\$ORACLE_HOME/bin" Hence, the location is ORACLE_HOME is not evaluated. ORACLE_HOME happens to be /app/oracle/product/10.1.2 I need a method of returning the... (1 Reply)
Discussion started by: dhangliter
1 Replies

6. Shell Programming and Scripting

eval and variable assignment

Hi, i have an issue with eval and variable assignment. 1) i have a date value in a variable and that date is part of a filename, var1=20100331 file1=${var1}-D1-0092.xml.zip file2=${var2}-D2-0092.xml.zip file3=${var3}-D3-0092.xml.zip i am passing the above variables to a script via... (11 Replies)
Discussion started by: mohanpadamata
11 Replies

7. Shell Programming and Scripting

assignment to variable from eval command

Hi Gurus, I am having 2 parameters as below parm1=value1 parm2=parm1 I want to evaluate parm1 value using eval echo \$$parm2 and later i want to assign this value to other variable which i will be using in if statement like : if ]; then do this....... fi could you please suggest... (5 Replies)
Discussion started by: k_vikash
5 Replies

8. UNIX for Advanced & Expert Users

Variable assignments specified with eval shell built-in

According to the POSIX specifications eval is a special shell built-in, which should imply that variable assignments specified together with it should remain in effect after the built-in completes. Thus one would expect IFS to be changed after this: var=$'a\nb c' $ IFS=$'\n' eval ' for i in... (4 Replies)
Discussion started by: Scrutinizer
4 Replies

9. Shell Programming and Scripting

assign multiple rows value to a variable using eval

background : Solaris, ksh metresult="ooo > pp" ts=89 eval append_${ts}="$metresult" bash: pp: command not found I want to create a variable which has in a part of its name a dynamically-established number (stored in another variable) usually I do this with eval command. The problem I... (5 Replies)
Discussion started by: black_fender
5 Replies

10. Shell Programming and Scripting

'eval' used in variable assignment

pattern1=book { x=1 eval echo \$pattern$x } book (this is the output) But when I assign a variable to the output of the eval it doesn't work unless I prefix 2 times backslash before $ as shown below. { a=`eval echo \\$pattern$x` echo $a } book Why here twice "\" has to be... (3 Replies)
Discussion started by: ravisingh
3 Replies

LEARN ABOUT CENTOS

hesiod_getpwuid

HESIOD(3)						     Library Functions Manual							 HESIOD(3)

NAME

       hesiod_getpwnam, hesiod_getpwuid, hesiod_free_passwd - Hesiod functions for retrieving passwd information

SYNOPSIS

       #include <hesiod.h>

       struct passwd *hesiod_getpwnam(void *context, const char *name)
       struct passwd *hesiod_getpwuid(void *context, uid_t uid)
       void hesiod_free_passwd(void *context, struct passwd *pw)

       cc file.c -lhesiod

DESCRIPTION

       This family of functions allows you to retrieve passwd database information using Hesiod.  To perform lookups, you need an initialized Hes-
       iod context; see hesiod(3) for details.	You may look up passwd information by name or by uid; information is returned in the  same  format
       as  by  getpwnam  or  getpwuid.	 It  is  the caller's responsibility to call hesiod_free_passwd with the returned passwd entry to free the
       resources used by the passwd entry.

       Hesiod queries for passwd information are made using the ``passwd'' or ``uid'' Hesiod type, using either the username or the decimal repre-
       sentation  of  the  uid	as  the  Hesiod  name.	 The corresponding records should be a colon-separated list of fields giving the username,
       encrypted password, uid, gid, GECOS information, home directory, and shell of the user.

RETURN VALUES

       On failure, hesiod_getpwnam and hesiod_getpwuid return NULL and set the global variable errno to indicate the error.

ERRORS

       These calls may fail for any of the reasons the routine hesiod_resolve may fail.

SEE ALSO

       hesiod(3)

								 30 November 1996							 HESIOD(3)
All times are GMT -4. The time now is 02:48 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy