Re: Execution of a data string

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Execution of a data string

From:	L. A. Walsh
Subject:	Re: Execution of a data string
Date:	Fri, 23 Sep 2016 12:21:34 -0700
User-agent:	Thunderbird



Reuti wrote:

Am 22.09.2016 um 15:23 schrieb Greg Wooledge <wooledg@eeg.ccf.org>:

On Wed, Sep 21, 2016 at 11:15:45PM -0400, mobatuorg@yahoo.ca wrote:

declare -a "$string"       # results in execution of $string
declare -a a=($string)    # does not result in execution of $string

This is why you don't use the first form.  It's the same with eval --
if you don't have full control over the statement being eval'ed, then
you risk undesired code execution.

Even without `eval` it's dangerous, i.e. specifying solely $ExecuteThisData on 
the command line.

----
   It's amazing how much people expect to be protected from doing anything

stupid. *nix is not a walled garden (despite appearances it is headingin that

direction).

[Prev in Thread]

Current Thread

[Next in Thread]

Execution of a data string, address@hidden, 2016/09/22
- Re: Execution of a data string, Greg Wooledge, 2016/09/22
  - Re: Execution of a data string, Reuti, 2016/09/22
    - Re: Execution of a data string, L. A. Walsh <=
- Re: Execution of a data string, Chet Ramey, 2016/09/23

Prev by Date: Re: Execution of a data string
Next by Date: [PATCH] fix printf %b without an argument
Previous by thread: Re: Execution of a data string
Next by thread: Re: Execution of a data string
Index(es):
- Date
- Thread