bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Can someone explain this?


From: Maarten Billemont
Subject: Re: Can someone explain this?
Date: Sat, 12 Feb 2011 20:14:28 +0100

On 12 Feb 2011, at 09:28, Andreas Schwab wrote:
> 
> Bob Proulx <address@hidden> writes:
> 
>> Dennis Williamson wrote:
>>> Yes, do your quoting like this:
>>> ssh localhost 'bash -c "cd /tmp; pwd"'
>> 
>> I am a big fan of piping the script to the remote shell.
>> 
>>  $ echo "cd /tmp && pwd" | ssh example.com bash
>>  /tmp
> 
> Even better:
> 
> $ ssh example.com bash <<\EOF
> cd /tmp && pwd
> EOF
> 
> That avoids having to watch out for ' vs " quoting.
> 
> Andreas.

The trouble with using stdin is that it becomes much harder to pass user data.

If it's simple strings, one might be tempted to expand them instead:

ssh example.com bash <<EOF
cd "$remoteDir" && pwd
EOF

But that would be a really bad idea, since you're injecting data into bash code 
(if you don't see it yet, imagine a user forces remoteDir to contain mypath"; 
rm -rf ~; : ").  The only sane way I can think of to solve this problem in a 
generically applicable fashion, is to use a construct such as:

ssh example.com bash <<< "$(printf 'cd %q; pwd' "$remoteDir")"


reply via email to

[Prev in Thread] Current Thread [Next in Thread]