On 7/19/07, Richard L. Hamilton <[EMAIL PROTECTED]> wrote:
> There are simply too many ways poorly written scripts can be tricked into
> doing horribly wrong things; which is why I tend to overuse quoting and
> curly braces and such; better to put them somewhere they're not needed
> than to leave them off of somewhere that might result in someone
> sneaking something in via an untrusted arg or environment variable.

You could use a modern shell like bash or ksh93 and set IFS to an empty
string and use set -o noglob. Without field separators variables may
contain spaces without breaking out of their cage and disabling file name
globbing will prevent holes created by file name expansion.

Irek
_______________________________________________
opensolaris-discuss mailing list
[email protected]
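
The effect of the two settings discussed in this message, as an added example that is not part of the original post: it counts how many words an unquoted expansion produces under default settings, with an empty IFS only, and with an empty IFS plus noglob. The function names, the temporary directory and its file names, and the sample values are all constructed for this illustration.

```shell
#!/bin/sh
# Added illustration; all names, files and values here are constructed.

# Print how many words the shell passed after expansion.
count_args() { echo "$#"; }

# Scratch directory with two files so that a glob pattern has something to match.
demo_dir=$(mktemp -d) || exit 1
trap 'rm -rf "$demo_dir"' EXIT
: > "$demo_dir/a.txt"
: > "$demo_dir/b.txt"

# Default settings: unquoted $1 is split on IFS, then each word is globbed.
# Each function body is a subshell, so IFS and noglob changes do not leak out.
expand_default() (
    cd "$demo_dir" || exit 1
    count_args $1
)

# Empty IFS only: no field splitting, but a pattern still expands to file names.
expand_ifs_only() (
    cd "$demo_dir" || exit 1
    IFS=''
    count_args $1
)

# Empty IFS plus noglob: the value stays one literal word.
expand_hardened() (
    cd "$demo_dir" || exit 1
    IFS=''
    set -o noglob
    count_args $1
)

untrusted='my file *.txt'   # constructed stand-in for an untrusted argument
echo "default:               $(expand_default  "$untrusted") words"
echo "IFS only, '*.txt':     $(expand_ifs_only '*.txt') words"
echo "hardened:              $(expand_hardened "$untrusted") words"
# An empty unquoted value is still removed entirely, even when hardened.
echo "hardened, empty value: $(expand_hardened '') words"
```

The last case is the one the two settings do not cover: an empty unquoted expansion yields zero words, so quoting is still needed wherever an argument must always be present.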
