help-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-bash] safe parsing of configuration files?


From: Jesse Molina
Subject: Re: [Help-bash] safe parsing of configuration files?
Date: Sat, 04 May 2013 15:18:43 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0 SeaMonkey/2.17


Hi

I have brought this issue up previously.  See here:
http://lists.gnu.org/archive/html/help-bash/2012-07/msg00001.html



My opinion is that the "source" builtin needs an option specifically for this.

I do not think this can be safely done in bash itself.



adrelanos wrote:
Hi!

Is there a bulletproof way to parse configuration files using bash?

Layout:

(spaces)

    # comments...
    var1="something"

    # more comments...

    var2="something else"

    var3="Some

plain text

also includes spaces and empty lines
..."

(spaces)

How can I read an untrusted config file while preventing all kinds of
code execution from it?

Most competent on that question appeared:
http://wiki.bash-hackers.org/howto/conffile

"This filter only allows NAME=VALUE and comments in the file, though it
doesn't prevent all methods of executing code. I will address that
later." - This later never happened or I failed to find it.

Cheers,
adrelanos


--
# Jesse Molina
# Mail = address@hidden
# Cell = 1-602-323-7608





reply via email to

[Prev in Thread] Current Thread [Next in Thread]