Can I do this without eval? (zsh)


 
# 8  
Old 01-25-2017
Quote:
Originally Posted by Corona688
I definitely recommend against injection rejection which leaves you wide open to things you don't know about and can react badly to valid things you still didn't expect. (What if a filename contains a literal backtick?) Better to not leave the door open in the first place and use something which doesn't allow for shell interpretation.
Backquotes are harmless. In this case, the code to be eval'ed would at worst be something like

Code:
[[ ! -d '`rm -r *`' ]]

and this wouldn't actually execute the rm, due to the surrounding single quotes. But of course, whenever I do injection rejection, it might be that I overlook some corner case. So while I believe that my solution is safe, there is always some bad feeling that I might have missed something.

I verified that test is indeed a builtin in zsh too, so it really makes sense to use it here.
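
The corner case both posts worry about, shown as an added example that is not part of the original thread. It assumes the name is pasted between single quotes with no filtering at all and compares that with passing the name to test as a plain argument; the function names, the PARSED marker and both sample names are constructed for the demo.

```shell
#!/bin/sh
# Added illustration; runs in sh, bash and zsh.

# eval-style check: the name is pasted between single quotes and the string
# is parsed as shell code. The thread's snippet uses [[ ! -d '...' ]]; test
# is used here for portability, the quoting behaviour is the same.
missing_dir_eval() {
    eval "test ! -d '$1'"
}

# eval-free check: the name reaches the test builtin as a single argument
# and is never parsed by the shell.
missing_dir_test() {
    test ! -d "$1"
}

# Prints "missing" if checker $1 reports name $2 as not being a directory,
# otherwise "not-missing". The subshell contains a parse error raised inside
# eval, which makes some shells exit.
verdict() {
    if ( "$1" "$2" ) >/dev/null 2>&1; then
        echo missing
    else
        echo not-missing
    fi
}

# Prints "yes" if checker $1 caused part of name $2 to be executed. The
# constructed name below carries a harmless assignment to PARSED.
ran_as_code() {
    (
        PARSED=no
        "$1" "$2" >/dev/null 2>&1 || :
        echo "$PARSED"
    )
}

plain="/nonexistent-demo/it's"   # ordinary apostrophe; no such directory
marked="x'; PARSED=yes; : '"     # constructed: closes the quote early

for checker in missing_dir_eval missing_dir_test; do
    printf '%s: plain=%s ran_as_code=%s\n' "$checker" \
        "$(verdict "$checker" "$plain")" \
        "$(ran_as_code "$checker" "$marked")"
done
```
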
exec(1)                          User Commands                          exec(1)

NAME
       exec, eval, source - shell built-in functions to execute other commands

SYNOPSIS
   sh
       exec [argument...]
       eval [argument...]

   csh
       exec command
       eval argument...
       source [-h] name

   ksh
       *exec [arg...]
       *eval [arg...]

DESCRIPTION
   sh
       The exec command specified by the arguments is executed in place of
       this shell without creating a new process. Input/output arguments may
       appear and, if no other arguments are given, cause the shell
       input/output to be modified.

       The arguments to the eval built-in are read as input to the shell and
       the resulting command(s) executed.

   csh
       exec executes command in place of the current shell, which terminates.

       eval reads its arguments as input to the shell and executes the
       resulting command(s). This is usually used to execute commands
       generated as the result of command or variable substitution.

       source reads commands from name. source commands may be nested, but if
       they are nested too deeply the shell may run out of file descriptors.
       An error in a sourced file at any level terminates all nested source
       commands.

       -h    Place commands from the file name on the history list without
             executing them.

   ksh
       With the exec built-in, if arg is given, the command specified by the
       arguments is executed in place of this shell without creating a new
       process. Input/output arguments may appear and affect the current
       process. If no arguments are given the effect of this command is to
       modify file descriptors as prescribed by the input/output redirection
       list. In this case, any file descriptor numbers greater than 2 that
       are opened with this mechanism are closed when invoking another
       program.

       The arguments to eval are read as input to the shell and the resulting
       command(s) executed.

       On this man page, ksh(1) commands that are preceded by one or two *
       (asterisks) are treated specially in the following ways:

       1. Variable assignment lists preceding the command remain in effect
          when the command completes.

       2. I/O redirections are processed after variable assignments.

       3. Errors cause a script that contains them to abort.

       4. Words, following a command preceded by ** that are in the format of
          a variable assignment, are expanded with the same rules as a
          variable assignment. This means that tilde substitution is
          performed after the = sign and word splitting and file name
          generation are not performed.

EXIT STATUS
       For ksh:

       If command is not found, the exit status is 127. If command is found,
       but is not an executable utility, the exit status is 126. If a
       redirection error occurs, the shell exits with a value in the range
       1-125. Otherwise, exec returns a zero exit status.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWcsu                      |
       +-----------------------------+-----------------------------+

SEE ALSO
       csh(1), ksh(1), sh(1), attributes(5)

SunOS 5.10                         17 Jul 2002                         exec(1)