RE: shell variable security
- From: "Miner, Jonathan W (CSC) (US SSA)" <jonathan.w.miner@xxxxxxxxxxxxxx>
- Date: Wed, 3 Oct 2007 12:43:52 -0400
We have all heard about security problems with shell variables
Can some one post a test case that exploits this? While I understand the issue that the OP addressed, I can't seem to write a shell script that exploits this. Take this sample script:
while read line; do
foo=`echo $line`
echo $foo
done
if I run it and enter something like "Jon; date" it just echos it back. The date command does not executed. If I run the script with the -x argument, it looks like this:
$ bash -x x.sh
+ read line
Jon; date
++ echo 'Jon;' date
+ foo='Jon; date'
+ echo 'Jon;' date
Jon; date
+ read line
It looks like the shell is putting single quotes around the ';'. I really believe that what the OP asked about is a problem, I just can't seem to generate a test case that illustrates it.
<<winmail.dat>>
--fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
- References:
- shell variable security
- From: tony . chamberlain
- shell variable security
- Prev by Date: Re: shell variable security
- Next by Date: Re: shell variable security
- Previous by thread: RE: shell variable security
- Next by thread: Re: shell variable security
- Index(es):
Relevant Pages
|
