From: Eric Blake
Subject: Re: [Help-bash] taking the name of a variable from another variable
Date: Tue, 3 Jul 2018 10:52:58 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0

On 07/03/2018 10:17 AM, Greg Wooledge wrote:
> On Tue, Jul 03, 2018 at 04:21:55PM +0200, Marco Ippolito wrote:
> > then perhaps something as simple as this is enough to set your
> > environment variable:
> >
> > name=foo value=bar; eval "export $name=$value"
>
> That's an unsafe use of eval. You need to escape the $ before value,
> so that after the eval, the shell ends up running:
>
> export foo=$value
>
> All other points (child processes, environment, sourcing) still apply.

And, if you are going to take $name from the user rather than something that you have generated safely yourself, you absolutely want to sanitize it before expanding it in eval (otherwise, some user will do an action such as:

name='a; rm -rf /*; b'

just to spite you for your lack of security sanitization of your inputs to eval).

--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
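
The two points made in this message (keep the `$` of the value escaped, and validate the name before it reaches eval) combined in one helper. This is an added example, not code from the thread; the function names `is_valid_name` and `set_env_var` are hypothetical, and the hostile name used here is a constructed, harmless stand-in.

```bash
#!/bin/sh
# Added example: export a variable whose name is held in another variable.

# Accept only shell identifiers: [A-Za-z_][A-Za-z0-9_]*
is_valid_name() {
    # Force the C locale so the bracket ranges mean ASCII letters only.
    local LC_ALL=C
    case $1 in
        '' | [!A-Za-z_]* | *[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# set_env_var NAME VALUE
# Returns 2 without touching eval if NAME is not an identifier.
set_env_var() {
    if ! is_valid_name "$1"; then
        printf 'refusing invalid variable name: %s\n' "$1" >&2
        return 2
    fi
    # Only the validated name is expanded before eval. \$2 stays literal,
    # so eval runs:  export NAME="$2"  and the value is never parsed as code.
    eval "export $1=\"\$2\""
}

# Constructed demo: metacharacters in the value are stored, not executed.
set_env_var foo 'bar; echo not-run $(echo nor-this)'
printf 'foo=%s\n' "$foo"

# Constructed hostile name: rejected before eval, INJECTED is never set.
set_env_var 'a; INJECTED=1; b' x || echo "rejected, status $?"
echo "INJECTED is ${INJECTED-unset}"
```

The identifier check blocks command injection through the name, but it does not stop a caller from overwriting variables such as PATH or IFS; when names come from users, compare them against a list of permitted names as well.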