On Tue, Mar 31, 2015 at 12:22 PM, Paul Gilmartin <[email protected]> wrote:
> On Tue, 31 Mar 2015 12:08:26 -0500, John McKown wrote:
>>
>>... If I wanted to set multiple environment variables, I'd
>>"protect" myself a bit with something like:
>>
>>$(somecommand ... | egrep '^export +(VAR1|VAR2|VAR3)=')
>>
>>This would ensure that regardless of what "somecommand" wrote to
>>stdout, I'd just do export commands for the environment variables that
>>I was interested in. It is a _little bit_ safer. After setting them, I
>>might want to validate them as well, somehow.
>>
> And if somecommand is "echo 'export VAR1=bubba; sudo rm -rf /'"?
>
> http://xkcd.com/327/
>
> Beware the semicolon!

Good point, that's the UNIX shell equivalent of the SQL injection attack.

>
> -- gil

--
If you sent twitter messages while exploring, are you on a textpedition?

He's about as useful as a wax frying pan.

10 to the 12th power microphones = 1 Megaphone

Maranatha! <><
John McKown
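
Added example, not part of the original messages: the egrep filter in the thread checks only the start of each line, so whatever follows the assignment passes through unexamined. This sketch validates the whole line against an allow-list and assigns the value as data, with no eval and no command substitution of the untrusted text. The function name, the ALLOWED list, the permitted value characters and the sample output are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: import allow-listed variables from untrusted "export" lines
# without handing any of that text to the shell parser (no eval, no $(...)).
ALLOWED="VAR1 VAR2 VAR3"   # assumption: the names the caller expects
REJECTED=0                 # lines refused by the last import_exports call

# Constructed sample output of "somecommand"; line 1 is modelled on the reply.
SAMPLE='export VAR1=bubba; echo INJECTED
export VAR2=/opt/app:/usr/bin
export EVIL=1
echo hello'

# import_exports TEXT: export NAME=VALUE for each acceptable line of TEXT.
import_exports() {
    REJECTED=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        case $line in
            "export "*=*) ;;
            *) REJECTED=$((REJECTED + 1)); continue ;;
        esac
        rest=${line#export }
        # The thread's pattern allows several spaces after "export".
        while [ "${rest# }" != "$rest" ]; do rest=${rest# }; done
        name=${rest%%=*}
        value=${rest#*=}
        ok=0
        for allowed in $ALLOWED; do
            if [ "$allowed" = "$name" ]; then ok=1; fi
        done
        # Validate the whole value, not just the start of the line
        # (assumed safe set: letters, digits, and _ . / : -).
        case $value in
            *[!A-Za-z0-9_./:-]*) ok=0 ;;
        esac
        if [ "$ok" -eq 1 ]; then
            export "$name=$value"   # plain assignment of validated data
        else
            REJECTED=$((REJECTED + 1))
        fi
    done <<EOF
$1
EOF
}

import_exports "$SAMPLE"
printf 'VAR2=%s VAR1=%s rejected=%s\n' "$VAR2" "${VAR1-unset}" "$REJECTED"
```

The command's output is captured into a variable and fed through a here-document so the loop runs in the current shell and the exports persist; piping directly into the loop would run it in a subshell.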
