[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Can someone explain this?

From: Maarten Billemont
Subject: Re: Can someone explain this?
Date: Sat, 12 Feb 2011 20:14:28 +0100

On 12 Feb 2011, at 09:28, Andreas Schwab wrote:
> Bob Proulx <address@hidden> writes:
>> Dennis Williamson wrote:
>>> Yes, do your quoting like this:
>>> ssh localhost 'bash -c "cd /tmp; pwd"'
>> I am a big fan of piping the script to the remote shell.
>>  $ echo "cd /tmp && pwd" | ssh example.com bash
>>  /tmp
> Even better:
> $ ssh example.com bash <<\EOF
> cd /tmp && pwd
> That avoids having to watch out for ' vs " quoting.
> Andreas.

The trouble with using stdin is that it becomes much harder to pass user data.

If it's simple strings, one might be tempted to expand them instead:

ssh example.com bash <<EOF
cd "$remoteDir" && pwd

But that would be a really bad idea, since you're injecting data into bash code 
(if you don't see it yet, imagine a user forces remoteDir to contain mypath"; 
rm -rf ~; : ").  The only sane way I can think of to solve this problem in a 
generically applicable fashion, is to use a construct such as:

ssh example.com bash <<< "$(printf 'cd %q; pwd' "$remoteDir")"

reply via email to

[Prev in Thread] Current Thread [Next in Thread]