bug-bash

Re: mysqldump usage in bash


From: Greg Wooledge
Subject: Re: mysqldump usage in bash
Date: Fri, 28 Aug 2009 10:55:28 -0400
User-agent: Mutt/1.4.2.3i

On Fri, Aug 28, 2009 at 07:06:52AM -0700, Arenstar wrote:
> What effects can eval have that I am unaware of? In fact I've never used
> eval before, it just wasn't necessary..
> Thank you for your interesting reply
>  
> query="mysqldump -h $DBSource -u rxxxxx -pxxxx $DB $TABLE --where '$Field >
> $(($IDstart-1)) and $Field < $(($IDend+1))' > ./tmp/$TABLE$Dumpname"
>  eval $query

imadev:~$ DB='MyRealDB $(date >/dev/tty)'
imadev:~$ query="mysqldump -h $DBSource -u rxxxxx -pxxxx $DB $TABLE --where 
'$Field > $(($IDstart-1)) and $Field < $(($IDend+1))' > ./tmp/$TABLE$Dumpname"
imadev:~$ eval $query
Fri Aug 28 10:49:12 EDT 2009
bash: ./tmp/: Is a directory

As you can see, it executed the "date" command that I placed in the DB
variable.  Now imagine I had put "rm -rf /" in there instead.  Or not
redirected it to /dev/tty so I could see it.  Or ....

Since eval causes the parser to read the command a second time AFTER
parameters have already been expanded, it will potentially execute
code contained in those parameters.  This means you have to sanitize
all your variables and other substitutions to make them "eval safe".

This is where the headaches start.

In addition to the eval discussion, your quoting is... potentially odd.
You're executing all the substitutions (such as $IDend + 1) at the time
you assign to the query variable, NOT at the time you eval $query.
This may or may not be what you intended.
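The same failure, and the fix Greg is pointing at (pass each value as its own quoted argument instead of building a string for eval), as an added example that is not code from the original thread. mysqldump is replaced by a hypothetical stub `fake_dump` that only prints its arguments, the host `dbhost` and the marker file path are made up, and the hostile `$DB` value is constructed, so the script runs offline:

```shell
#!/bin/sh
# Added example, not code from the bug-bash thread.  "fake_dump" is a
# hypothetical stand-in for mysqldump that prints one argument per line,
# so the script runs offline.  The hostile $DB value below is constructed.

marker="${TMPDIR:-/tmp}/eval_demo.$$"   # created only if injected code runs

fake_dump() {
    for arg in "$@"; do
        printf '%s\n' "$arg"
    done
}

# Constructed input: a "database name" carrying a command substitution,
# the trick from the thread with "date" replaced by "touch".
DB='MyRealDB $(touch '"$marker"')'
TABLE=users
Field=id
IDstart=10
IDend=20

# 1. The pattern from the thread.  $DB is expanded once when query is
#    assigned; eval then hands the result back to the parser, which now
#    sees "$(touch ...)" as syntax and runs it.  The arithmetic is also
#    evaluated here, at assignment time, not when eval runs.
eval_dump() {
    query="fake_dump -h dbhost $DB $TABLE --where '$Field > $((IDstart-1)) and $Field < $((IDend+1))'"
    eval "$query"
}

# 2. Same command with no string and no eval.  Each value becomes exactly
#    one argument via the positional parameters ("$@" is POSIX; in bash an
#    array cmd=(...) and "${cmd[@]}" works the same way).  The quoted "$DB"
#    reaches fake_dump as data and is never re-parsed.  A redirection goes
#    on the invocation itself, quoted:  "$@" > "./tmp/$TABLE$Dumpname"
safe_dump() {
    set -- fake_dump -h dbhost "$DB" "$TABLE" \
        --where "$Field > $((IDstart-1)) and $Field < $((IDend+1))"
    "$@"
}

payload_ran() { [ -e "$marker" ]; }

# Run both forms and report whether the injected command executed.
rm -f "$marker"
eval_dump >/dev/null
if payload_ran; then echo "eval_dump: injected command ran"; fi
rm -f "$marker"
safe_dump >/dev/null
if payload_ran; then echo "safe_dump: injected command ran"
else echo "safe_dump: DB passed through as literal data"; fi
rm -f "$marker"
```

With the string form, `fake_dump` also receives `MyRealDB` and `users` as two separate arguments, since the unquoted expansion was word-split when eval re-parsed it; the positional-parameter form preserves the whole value, spaces and `$(` included, as a single argument. One further caveat for the original command: a password given as `-pxxxx` on the command line is visible to every user on the machine via `ps`; the MySQL client tools can read it from an option file (`--defaults-extra-file=`) instead.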



