shell variable security
- From: tony.chamberlain@xxxxxxxxx
- Date: Wed, 03 Oct 2007 15:15:05 +0000
I have to write some BASH scripts.
We have all heard about security problems with shell variables
(i.e. when entering a name someone enters something like "Tony; rm -rf /root/*" )
so that if the BASH script echoes it, it will do something like echo Tony; rm -rf /root/*.
Now we have honest users here, but I still want to do some checks. If I read in or get a shell variable from a user
I could do something like
echo "$VAR" | grep '[^a-zA-Z/_-]'
if [ $? -eq 0 ]
then
    echo "You have entered a bad character"
    exit 1
fi
but that still runs into the problem like above with the echo. I also could do
case "$VAR" in
    # match ; or : anywhere in the value, not only a value that is exactly ";" or ":"
    *\;*|*:*) echo "you have a bad character"
    ;;
esac
but I am not sure that is best either. Is there any way to validate shell variables?
I know Javascript, etc., has something like url_encode()
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
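
An added example, not part of the original post or of any reply: a quoted "$VAR" reaches a command as a single argument and is not re-parsed as shell code, so the check can be an allowlist done with the shell's own case matching, with output done by printf instead of echo. The function names is_valid_name and greet and the sample inputs are assumptions made for this illustration; the allowed character set is the one from the grep in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Allowlist check using only shell pattern matching: no echo, no grep, no subshell.
# Permitted characters are the set from the grep in the post: letters, "/", "_", "-".
# Note: in non-C locales a-z may match more than ASCII; run with LC_ALL=C if that matters.

is_valid_name() {
    case "$1" in
        '')             return 1 ;;   # empty input is rejected
        *[!a-zA-Z/_-]*) return 1 ;;   # at least one character outside the allowlist
        *)              return 0 ;;   # every character is allowed
    esac
}

# Print a greeting for a validated name. "$1" is always quoted, so the shell
# passes it to printf as one argument and never re-parses it as commands.
greet() {
    if ! is_valid_name "$1"; then
        printf '%s\n' "You have entered a bad character" >&2
        return 1
    fi
    printf 'Hello, %s\n' "$1"
}

# Constructed sample inputs; the second is the string quoted in the post.
# '-n' passes the allowlist, which is why output uses printf rather than echo.
for input in 'Tony' 'Tony; rm -rf /root/*' '$(id)' '-n' 'usr/local_bin' ''; do
    if is_valid_name "$input"; then
        printf 'accepted: [%s]\n' "$input"
    else
        printf 'rejected: [%s]\n' "$input"
    fi
done
```

The quoting is what keeps the input from being run; the allowlist only narrows what later commands receive, and it stops helping if the value is ever passed through eval or expanded unquoted.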