bug-bash

Re: simple prob?


From: Kerin Millar
Subject: Re: simple prob?
Date: Tue, 29 Jun 2021 22:11:02 +0100

On Tue, 29 Jun 2021 17:02:16 -0400
Greg Wooledge <greg@wooledge.org> wrote:

> On Tue, Jun 29, 2021 at 09:47:30PM +0100, Kerin Millar wrote:
> > On Tue, 29 Jun 2021 16:35:28 -0400
> > Greg Wooledge <greg@wooledge.org> wrote:
> > 
> > > unicorn:~$ njobs() { local _n=$(jobs | wc -l); eval "$1=\$_n"; }
> > > unicorn:~$ njobs walsh
> > > unicorn:~$ echo "$walsh"
> > > 3
> > > 
> > > Now you just need to add sanity-checking on the argument of njobs, to
> > > avoid whatever code injection the malicious caller wants to perform.
> > 
> > I can't fathom the switch to eval there. Why not printf -v "$1" %s "$_n", 
> > for example? It even rejects invalid identifiers.
> 
> declare, printf -v, local -n, eval -- they're mostly equivalent.  Some
> of them may prevent *some* possible code injections, but none of them
> prevent *all* possible code injections.
> 
> unicorn:~$ njobs2() { printf -v "$1" %s 42; }
> unicorn:~$ njobs2 'x[0$(date >&2)]'
> Tue Jun 29 17:00:29 EDT 2021
> 
> No matter which one of these you choose, you still have to sanity-check
> the input.  Or else declare that you do not care if the user shoots their
> own foot off (which is a valid stance as long as your code is never used
> in a context where the user can elevate their privileges/capabilities).
> 

I see. Thanks.

-- 
Kerin Millar
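As an added example (not code from the thread), here is a version of njobs that applies the sanity check Greg calls for: the caller-supplied name is validated as a plain shell identifier before anything is assigned through it, so an argument such as x[0$(date >&2)] is refused rather than expanded. The helper names is_identifier and assign_to are my own; the validation uses case so it runs under POSIX sh as well as bash, and the eval is the same construct as in the thread, now guarded. The identical check gates printf -v, declare or local -n just as well, since none of them rejects the subscript form on its own.

```shell
#!/bin/sh
# Added example, not from the bug-bash thread: validate the target variable
# name before assigning through it, so that an argument such as
# 'x[0$(date >&2)]' is rejected instead of being expanded by the shell.

# is_identifier NAME
# Succeeds only if NAME is a plain shell identifier: it starts with a letter
# or underscore and contains only letters, digits and underscores. Written
# with case so it works in POSIX sh as well as bash; nothing is expanded.
is_identifier() {
    case $1 in
        '' | [!A-Za-z_]* | *[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# assign_to NAME VALUE
# Assigns VALUE to the variable NAME. The eval is the same form as in the
# thread, but NAME has been checked first, and VALUE is referenced as the
# positional parameter $2 so its contents are never re-parsed by eval.
assign_to() {
    is_identifier "$1" || {
        printf 'assign_to: invalid variable name: %s\n' "$1" >&2
        return 1
    }
    eval "$1=\$2"
}

# njobs NAME
# Stores the number of jobs of the current shell in the variable NAME,
# or returns 1 (assigning nothing) if NAME fails validation.
njobs() {
    _njobs_n=$(jobs | wc -l)
    # some wc implementations pad the count with spaces; strip them
    _njobs_n=$(printf '%s' "$_njobs_n" | tr -d '[:space:]')
    assign_to "$1" "$_njobs_n"
}
```

Calling `njobs walsh` then `echo "$walsh"` behaves as in the thread, while `njobs 'x[0$(date >&2)]'` prints an error and runs nothing; the rejection happens before eval (or printf -v, had it been used) ever sees the name.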
