bug-bash

Re: simple prob?


From: Greg Wooledge
Subject: Re: simple prob?
Date: Tue, 29 Jun 2021 19:51:05 -0400

On Tue, Jun 29, 2021 at 04:29:05PM -0700, L A Walsh wrote:
> > > njobs() { printf ${1:+-v $1} "%s\n" "$(jobs |wc -l)"; }

>    Which is detected as "illegal input" and disallowed.  If you don't enable
> some security errors, they can't be as easily introduced.

Are you *still* insisting that your failure to quote is a SECURITY
FEATURE?

Come *on*!

unicorn:~$ njobs() { printf ${1:+-v $1} "%s\n" "$(jobs |wc -l)"; }
unicorn:~$ njobs 'x[0$(date>&2)]'
Tue Jun 29 19:49:16 EDT 2021

All I had to do was remove the space.  You're not even trying.

Your failure to quote is simply a failure.  If you want to prevent
code injection attacks, you need to sanity-check the input.

There is no other way.
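
One way to do the input check this message calls for, as an added example that is not part of the original post or the thread's code: the variable name is validated as a plain identifier before it reaches `printf -v`. The names `njobs_safe` and `is_valid_varname` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread. Function names are hypothetical.

# Return 0 only if $1 is a plain shell identifier: letters, digits and
# underscores, not starting with a digit. This rejects array subscripts
# such as x[0$(cmd)], whose subscript printf -v would evaluate, as well
# as whitespace and every other expansion character.
is_valid_varname() {
    case $1 in
        '' | [!A-Za-z_]* | *[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# njobs_safe [varname]
# With no argument, print the job count. With an argument, validate it
# first and only then store the count in the named variable.
njobs_safe() {
    if [ "$#" -eq 0 ]; then
        # $(( ... )) also strips the padding some wc versions emit.
        printf '%s\n' "$(( $(jobs | wc -l) ))"
        return 0
    fi
    if ! is_valid_varname "$1"; then
        printf 'njobs_safe: invalid variable name\n' >&2
        return 2
    fi
    # Quoted, so the validated name reaches printf as exactly one word.
    printf -v "$1" '%s' "$(( $(jobs | wc -l) ))"
}
```

Quoting `"$1"` alone does not make the call safe, because `printf -v` still evaluates an array subscript inside the name; the identifier check is what rejects it.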
