[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: simple prob?
|
From: |
L A Walsh |
|
Subject: |
Re: simple prob? |
|
Date: |
Tue, 29 Jun 2021 14:58:28 -0700 |
|
User-agent: |
Thunderbird 2.0.0.24 (Windows/20100228) |
On 2021/06/29 14:02, Greg Wooledge wrote:
declare, printf -v, local -n, eval -- they're mostly equivalent. Some
of them may prevent *some* possible code injections, but none of them
prevent *all* possible code injections.
unicorn:~$ njobs2() { printf -v "$1" %s 42; }
unicorn:~$ njobs2 'x[0$(date >&2)]'
Tue Jun 29 17:00:29 EDT 2021
That's not what I see in my version:
njobs() { printf ${1:+-v $1} "%s\n" "$(jobs |wc -l)"; }
Using that with your input:
njobs 'x[0$(date >&2)]'
bash: printf: `x[0$(date': not a valid identifier
Perhaps some solutions provide more resistance to problems than
others.
FWIW, I would be using 'njobs' in a script where I'm giving it
the input.
No matter which one of these you choose, you still have to sanity-check
the input. Or else declare that you do not care if the user shoots their
own foot off
The user has no access to internal functions inside a script. Though I
do take many precautions against my future self(ves).
- simple prob?, L A Walsh, 2021/06/29
- Re: simple prob?, Greg Wooledge, 2021/06/29
- Re: simple prob?, Kerin Millar, 2021/06/29
- Re: simple prob?, Greg Wooledge, 2021/06/29
- Re: simple prob?, Kerin Millar, 2021/06/29
- Re: simple prob?,
L A Walsh <=
- Re: simple prob?, Greg Wooledge, 2021/06/29
- Re: simple prob?, L A Walsh, 2021/06/29
- Re: simple prob?, Greg Wooledge, 2021/06/29
- Re: simple prob?, L A Walsh, 2021/06/30
- Re: simple prob?, Eli Schwartz, 2021/06/29
- Re: simple prob?, Greg Wooledge, 2021/06/29
Re: simple prob?, L A Walsh, 2021/06/29
Re: simple prob?, Eli Schwartz, 2021/06/29