On Wed, Jun 11, 2008 at 10:34:56PM -0400, Sebastien Roy wrote: > Although one might think that "eval" could be used in the shell to > access the set of values one line at a time, this has major pitfalls: > > * Each eval runs the risk possibly clobbering variables already in > use by the script. This means that any time a new field is > added, there is small but very real potential to break any > script that happened to use that field name as a local variable.
This is not a problem: just document what variables it sets (and when you add new ones, have an option for selecting which ones to get). > * Use of eval presents a significant security risk: any command > where a non-privileged user might gain control over any field's > value makes eval as root (say, in an admin script) unsafe. To avoid this do: a) quote '$', '`' and a few other unsafe characters, b) instruct developers to disable globbing prior to evaluating this output. It should be possible to make dladm's output eval safe (and if not then let's find out why not). > Note that this is a change to a Committed interface, but it is a > relatively safe change. The Solaris 10 parseable output format was not I script around dladm output. (I take extra care for safety, and that's a pain, but it'd be better if dladm did that for me.) BTW, there's a similar issue with svcprop(1) output that I'm going to be proposing a fix for. We may want to set precedent. Nico --
