security problems in bash script
- From: gdss <ggds@xxxxxxxxxxx>
- Date: Thu, 03 Jul 2008 23:27:12 +0200
Hello everyone,
I have this simple bash script that reads from standard input and executes
some work depending on the input that it has read. The input lines are
meant to be in the form of a command followed by an argument.
#!/bin/bash
read input
#these two lines divide input in a first word and the rest; are they safe?
command=`echo ${input%% *}`
rest=`echo ${input#* }`
case $command in
print)
echo $rest
;;
*)
echo "wrong command"
;;
esac
Is is possible for the user to provide something to the standard input and
make this script do something different from what it was meant?
I often see that the argument of case statement is enclosed in a pair of
inverted commas ( case "$command" in ... ); what is the purpose of the
inverted commas?
Thanks
.
- Prev by Date: Re: YAPL - Yet Another Programming Language
- Next by Date: Re: searching for missing element in an array
- Previous by thread: Breitling Navitimer 18kt Yellow Gold Steel Mens Watch D2332212-C5-404, Best Luxury Watch - www.luxury-gift.org
- Next by thread: Re: searching for missing element in an array
- Index(es):
Relevant Pages
|
