LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 03-04-2005, 11:50 AM   #1
Guttorm
Senior Member
 
Registered: Dec 2003
Location: Trondheim, Norway
Distribution: Debian and Ubuntu
Posts: 1,158

Rep: Reputation: 247Reputation: 247Reputation: 247
safe script parameters


Hi all.

I don't know if this is really a programming question, it's more about how to do parameter handling safely in scripts.

I have a script that takes one parameter that's supposed to be a filename, e.g.:

#!/bin/bash
echo $1 >logs/processed-files.log
tar -rf tarfiles/stuff.tar $1

This failes when there is a space in a filename. So a dirty fix is to use "$1" instead. But what about e.g.
./myscript.sh "\" ; rm * ; \""

PHP has a function called EscapeShellArg for this, so I guess it's a common problem.

What's the proper Unix way of doing this? Some sed magic?

Best regards,
Guttorm
 
Old 03-04-2005, 01:19 PM   #2
keefaz
Senior Member
 
Registered: Mar 2004
Distribution: Slackware
Posts: 4,617

Rep: Reputation: 136Reputation: 136
You're more or less protected with system permissions.

As I can see, it is not a security problem here, as if the user who run your program
has the right to do this, he has also the right to run it directly in the shell.

If you want to run it as CGI, you have to conform with CGI standards and add
a security checking for the program parameter but as the script is run by apache
user and if apache is correctly configured (and permissions for Document Root too)
the risks are minimal
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Passing parameters to a shell script neocookie Linux - General 5 10-20-2005 12:44 PM
Passing parameters to bash script Kamikazee Programming 4 10-01-2005 07:41 AM
passing parameters to functions in shell script kushalkoolwal Programming 1 09-28-2005 03:40 PM
Passing Parameters to Bash Script mooreted Linux - Software 3 04-05-2004 10:08 PM
passing java parameters to a unix script nephilim Programming 25 10-22-2003 11:51 AM


All times are GMT -5. The time now is 03:56 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration