help-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-bash] bash suitable for parsing big files?


From: adrelanos
Subject: Re: [Help-bash] bash suitable for parsing big files?
Date: Sun, 15 Sep 2013 23:58:32 +0000

Chris Down:
> On 2013-09-15 22:46, adrelanos wrote:
>> There is only one variable. dpkg_status_folder and it's set by the
>> verification script itself, so it is trusted.
>>
>> The dpkg-query binary is trusted, because it's the one from the machine
>> doing the verification.
>>
>> The /var/lib/dpkg/status file, which dpkg-query will parse is untrusted,
>> because it's read from the image.
>>
>> So if we look again at
>>
>>    done < <(dpkg-query --admindir="$dpkg_status_folder"
>> --showformat="\${Package}\t\${db:Status-Abbrev}\t\${Architecture}\t\${Version}\n"
>> --show \*)
>>
>> I could rephrase my question as: Is it possible, that anything within
>> "done < <(...)" gets executed? For example, "dpkg-query
>> --showformat="\${Package}\t\${db:Status-Abbrev}\t\${Architecture}\t\${Version}\n"
>> --show \*" could return a bogus line containing "zenity-common   ii
>>  all     $(echo a)".
> 
> In that case, it's fine, that's not possible -- variables are not 
> reinterpreted
> in your current code.
> 
>     $ safe='$(echo a)'
>     $ cat < <(echo "$safe")
>     $(echo a)

Okay. Also other special characters aren't reinterpreted as in executed?



reply via email to

[Prev in Thread] Current Thread [Next in Thread]