(29) Security

Security issues in shell scripts

Shell scripts are often used by system administrators and are run as a privileged user.

Example:
Consider the effects of a file named "myfile;cd /;rm *" if processed, unquoted, by your script.

One possible way to protect against weirdo characters in file names:

# A function to massage a list of filenames
# to protect weirdo characters
# e.g. find ... | protect_filenames | xargs command
#
# We are backslash-protecting the characters \'" ?*;
#
# One bracket expression covers the whole set, so no character needs a
# sed-level backslash escape (GNU sed reads \' as an end-of-buffer anchor
# and \? as a repetition operator). The '"'"' sequence inserts a literal
# single quote into the single-quoted sed script.
protect_filenames()
{
   sed -e 's/[\\'"'"'" ?*;]/\\&/g'
}

If using GNU find and xargs, there is a much cleaner option to null-terminate generated pathnames.
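
The two approaches side by side, as an added example that is not part of the original page: it assumes a find and xargs that accept -print0 and -0, and the fixture names and helper functions are constructed for illustration. The escaping approach still splits a name containing a newline, while the null-terminated pipeline delivers one argument per file.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes find/xargs with
# -print0 / -0 support (GNU, BSD). Every file name here is constructed.

# Page's escaping approach as one portable sed expression: backslash \'" ?*;
protect_filenames() {
    sed -e 's/[\\'"'"'" ?*;]/\\&/g'
}

# Build a scratch directory of legal but awkward names; print its path.
make_fixture() {
    dir=$(mktemp -d) || return 1
    nl='
'
    : > "$dir/plain"
    : > "$dir/two words"
    : > "$dir/semi;echo INJECTED"
    : > "$dir/star*and?"
    : > "$dir/quote'\"mix"
    : > "$dir/line${nl}break"      # newline is legal in a file name
    printf '%s\n' "$dir"
}

# Each helper prints how many arguments the command really received.
# Names travel as argv entries of "sh -c", never as shell source text.
count_protected() {
    find "$1" -type f | protect_filenames | xargs sh -c 'echo $#' sh
}

count_nul() {
    find "$1" -type f -print0 | xargs -0 sh -c 'echo $#' sh
}

d=$(make_fixture) || exit 1
echo "files created:            6"
echo "escaped, newline-split:   $(count_protected "$d")"
echo "null-terminated:          $(count_nul "$d")"
rm -rf -- "$d"
```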

security.src  last modified Mar 11, 2005
© Dartmouth College