[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: simple prob?

From: Greg Wooledge
Subject: Re: simple prob?
Date: Tue, 29 Jun 2021 19:51:05 -0400

On Tue, Jun 29, 2021 at 04:29:05PM -0700, L A Walsh wrote:
> > > njobs() { printf ${1:+-v $1} "%s\n" "$(jobs |wc -l)"; }

>    Which is detected as "illegal input" and disallowed.  If you don't enable
> some security errors, they can't be as easily introduced.

Are you *still* insisting that your failure to quote is a SECURITY

Come *on*!

unicorn:~$ njobs() { printf ${1:+-v $1} "%s\n" "$(jobs |wc -l)"; }
unicorn:~$ njobs 'x[0$(date>&2)]'
Tue Jun 29 19:49:16 EDT 2021

All I had to do was remove the space.  You're not even trying.

Your failure to quote is simply a failure.  If you want to prevent
code injection attacks, you need to sanity-check the input.

There is no other way.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]