On Thu, 24 Aug 2006, Alan Robertson wrote:
> David Lee wrote:
> > [...]
> > Hence the need, in that environment, to change a single, multi-argumented
> > 'ifconfig' into a chain of three single-argumented commands.
> > [...]
>
> So, you're absolutely right.
>
> I don't like eval - and it is dangerous. If one of the arguments
> contains something evil, then evil things can happen.
>
> HOWEVER, this command can only be run by root (and it enforces that) so,
> if they are doing something evil, then well they didn't need this
> command to do it.
>
> Unfortunately, maybe something evil is in their environment and they
> don't know it - and we use the environment extensively. So, there might
> be some kind of danger hanging around here... It certainly bears a
> little more thought and study - and some comments.

Yes, all sorts of strange things might be possible. (I've got vague
recollections of even something as apparently innocent as IFS being a
potential security breach in scripts.) So I'll readily concede that my:

    CMD="cmd1 && cmd2 && cmd3"
    eval $CMD

might be poor or worse.

In Bourne shell, array-like or list-like variables are not possible.
So suppose we had a shell function "do_cmds()" invoked thus:

    SunOS)
        CMD1="..."
        CMD2="..."
        CMD3="..."
        do_cmds "$CMD1" "$CMD2" "$CMD3"
        ;;
    *)  # e.g. Linux
        CMD="..."
        do_cmds "$CMD"
        ;;

Note the "" around each argument to do_cmds to hold each command,
including its internal space separation, as a single function argument.
(For example, 'SunOS' calls with three arguments.)

Then define this as:

    do_cmds() {
        for i in "$@"
        do
            $i
        done
    }

which uses the exact "$@" syntax (double-quote dollar @-sign double-quote)
to execute the loop the correct number of times (e.g. three for Solaris)
but within each allowing the word separation to do its job as expected.
(This principle seems to work in both Solaris "sh" (a sample Bourne) and
in "bash".)
--
: David Lee I.T. Service :
: Senior Systems Programmer Computer Centre :
: Durham University :
: http://www.dur.ac.uk/t.d.lee/ South Road :
: Durham DH1 3LE :
: Phone: +44 191 334 2752 U.K. :
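
An added example, not part of the original message: it passes one constructed hostile value through an eval-based runner and through a hardened variant of the do_cmds() function discussed above, and reports whether the embedded command ran. The names run_eval, demo and MARKER, and the hardening itself (pinned IFS, `set -f`, stop at the first failure as the `&&` chain did), are assumptions of this example.

```shell
#!/bin/sh
# Added example; not code from the thread or from the Linux-HA project.

# Hypothetical marker file that the constructed hostile value tries to create.
MARKER="${TMPDIR:-/tmp}/do_cmds_demo.$$"

# eval re-parses its argument as shell source, so ';', '&&', '$( )' and
# redirections that arrive inside a *value* are treated as syntax.
run_eval() {
    eval "$1"
}

# Variant of the thread's do_cmds(): each argument is only word-split, never
# re-parsed. The subshell keeps the IFS and globbing changes local.
do_cmds() {
    (
        # Pin IFS to space/tab/newline so an earlier or inherited IFS value
        # cannot change where each command string is split.
        IFS=$(printf ' \t\n_'); IFS=${IFS%_}
        set -f                  # no pathname expansion of '*' or '?' in values
        for i in "$@"
        do
            $i || exit $?       # stop at the first failure, like cmd1 && cmd2
        done
    )
}

# Run one command line containing a constructed hostile interface label
# through the named runner; print "injected" if the embedded command executed.
demo() {
    runner=$1
    rm -f "$MARKER"
    label="eth0:0; touch $MARKER"      # constructed sample value
    "$runner" "echo configuring $label" >/dev/null
    if [ -e "$MARKER" ]; then
        rm -f "$MARKER"
        echo injected
    else
        echo safe
    fi
}

echo "eval:    $(demo run_eval)"
echo "do_cmds: $(demo do_cmds)"
```

Word splitting still decides argument boundaries, so do_cmds() cannot pass an argument that itself contains spaces; quoting inside the command string is not interpreted.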