Liam R. E. Quin wrote:
>the security stuff is to
>do with unquoted shell variables
>
Can you explain, or give me a pointer to a relevent faq/document? I
found the
"NCSA Secure Programming Guidelines", and it mentions the IFS thing, but
nothing about quoted vs unquoted variables. It also fails to mention
why setting
IFS is a good thing.
Really I'm just looking to develop good shell scripting style. So if
their are guidelines
on when you should quote things, and when not to (even when both ways
seem to
work), I would like to know. As well as any other similar techniques.
-dmc
>- probably IFS should be set
>somewhere, too, for the case where someone does su from a malicious
>user's terminal, then runs an init script.
>
>hmm, evolution crashes if I attach a file, I'll paste it... and if
>that fails, back to mutt :-)
>
>Liam
>
>
>
