[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-bash] bash suitable for parsing big files?

From: Chris Down
Subject: Re: [Help-bash] bash suitable for parsing big files?
Date: Mon, 16 Sep 2013 00:52:32 +0200
User-agent: Mutt/1.5.21 (2010-09-15)

On 2013-09-15 22:46, adrelanos wrote:
> There is only one variable. dpkg_status_folder and it's set by the
> verification script itself, so it is trusted.
> The dpkg-query binary is trusted, because it's the one from the machine
> doing the verification.
> The /var/lib/dpkg/status file, which dpkg-query will parse is untrusted,
> because it's read from the image.
> So if we look again at
>    done < <(dpkg-query --admindir="$dpkg_status_folder"
> --showformat="\${Package}\t\${db:Status-Abbrev}\t\${Architecture}\t\${Version}\n"
> --show \*)
> I could rephrase my question as: Is it possible, that anything within
> "done < <(...)" gets executed? For example, "dpkg-query
> --showformat="\${Package}\t\${db:Status-Abbrev}\t\${Architecture}\t\${Version}\n"
> --show \*" could return a bogus line containing "zenity-common   ii
>  all     $(echo a)".

In that case, it's fine, that's not possible -- variables are not reinterpreted
in your current code.

    $ safe='$(echo a)'
    $ cat < <(echo "$safe")
    $(echo a)

Attachment: pgp7ZmFWb7wJL.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]