shell variable security
Luciano Rocha
strange at nsk.no-ip.org
Wed Oct 3 18:18:01 UTC 2007
On Wed, Oct 03, 2007 at 06:01:59PM +0000, tony.chamberlain at lemko.com wrote:
>
>
> I guess I was asking in general how you can be sure your variables are safe.
> Maybe it is more complicated than that? I really have just heard warnings from
> everyone, so I was taking pre-emptive measures.
>
> I tried a few things myself too and also could not get that problem.
>
> I tried making a file called test and doing things like
>
> K="$1"
> echo $K
>
>
> and then calling
>
> test "hello\";date"
>
> a nd
> FIL="$1"
> ls $FIL
>
> but that seemed to be OK
>
test "hello /etc/* bye"
Is one instance where the expansion is performed (with ls & echo).
That will cause problems with things like rm, etc.
--
lfr
0/0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20071003/6c50a94f/attachment-0001.sig>
More information about the fedora-list
mailing list