Re: [Help-bash] bash suitable for parsing big files?

help-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-bash] bash suitable for parsing big files?

From:	Chris Down
Subject:	Re: [Help-bash] bash suitable for parsing big files?
Date:	Mon, 16 Sep 2013 00:52:32 +0200
User-agent:	Mutt/1.5.21 (2010-09-15)

On 2013-09-15 22:46, adrelanos wrote:
> There is only one variable. dpkg_status_folder and it's set by the
> verification script itself, so it is trusted.
>
> The dpkg-query binary is trusted, because it's the one from the machine
> doing the verification.
>
> The /var/lib/dpkg/status file, which dpkg-query will parse is untrusted,
> because it's read from the image.
>
> So if we look again at
>
>    done < <(dpkg-query --admindir="$dpkg_status_folder"
> --showformat="\${Package}\t\${db:Status-Abbrev}\t\${Architecture}\t\${Version}\n"
> --show \*)
>
> I could rephrase my question as: Is it possible, that anything within
> "done < <(...)" gets executed? For example, "dpkg-query
> --showformat="\${Package}\t\${db:Status-Abbrev}\t\${Architecture}\t\${Version}\n"
> --show \*" could return a bogus line containing "zenity-common   ii
>  all     $(echo a)".

In that case, it's fine, that's not possible -- variables are not reinterpreted
in your current code.

    $ safe='$(echo a)'
    $ cat < <(echo "$safe")
    $(echo a)

pgp7ZmFWb7wJL.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Help-bash] bash suitable for parsing big files?, (continued)

Prev by Date: Re: [Help-bash] bash suitable for parsing big files?
Next by Date: Re: [Help-bash] bash suitable for parsing big files?
Previous by thread: Re: [Help-bash] bash suitable for parsing big files?
Next by thread: Re: [Help-bash] bash suitable for parsing big files?
Index(es):
- Date
- Thread