bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: simple prob?


From: L A Walsh
Subject: Re: simple prob?
Date: Tue, 29 Jun 2021 14:58:28 -0700
User-agent: Thunderbird 2.0.0.24 (Windows/20100228)

On 2021/06/29 14:02, Greg Wooledge wrote:
declare, printf -v, local -n, eval -- they're mostly equivalent. Some
of them may prevent *some* possible code injections, but none of them
prevent *all* possible code injections.

unicorn:~$ njobs2() { printf -v "$1" %s 42; }
unicorn:~$ njobs2 'x[0$(date >&2)]'
Tue Jun 29 17:00:29 EDT 2021

That's not what I see in my version:

njobs() { printf ${1:+-v $1} "%s\n" "$(jobs |wc -l)"; }

Using that with your input:

njobs 'x[0$(date >&2)]'

bash: printf: `x[0$(date': not a valid identifier

Perhaps some solutions provide more resistance to problems than
others.

FWIW, I would be using 'njobs' in a script where I'm giving it
the input.
No matter which one of these you choose, you still have to sanity-check
the input.  Or else declare that you do not care if the user shoots their
own foot off
The user has no access to internal functions inside a script. Though I
do take many precautions against my future self(ves).






reply via email to

[Prev in Thread] Current Thread [Next in Thread]