On Tue, 29 Jun 2021 17:02:16 -0400 Greg Wooledge <g...@wooledge.org> wrote:
> On Tue, Jun 29, 2021 at 09:47:30PM +0100, Kerin Millar wrote:
> > On Tue, 29 Jun 2021 16:35:28 -0400
> > Greg Wooledge <g...@wooledge.org> wrote:
> >
> > > unicorn:~$ njobs() { local _n=$(jobs | wc -l); eval "$1=\$_n"; }
> > > unicorn:~$ njobs walsh
> > > unicorn:~$ echo "$walsh"
> > > 3
> > >
> > > Now you just need to add sanity-checking on the argument of njobs, to
> > > avoid whatever code injection the malicious caller wants to perform.
> >
> > I can't fathom the switch to eval there. Why not printf -v "$1" %s "$_n",
> > for example? It even rejects invalid identifiers.
>
> declare, printf -v, local -n, eval -- they're mostly equivalent. Some
> of them may prevent *some* possible code injections, but none of them
> prevent *all* possible code injections.
>
> unicorn:~$ njobs2() { printf -v "$1" %s 42; }
> unicorn:~$ njobs2 'x[0$(date >&2)]'
> Tue Jun 29 17:00:29 EDT 2021
>
> No matter which one of these you choose, you still have to sanity-check
> the input. Or else declare that you do not care if the user shoots their
> own foot off (which is a valid stance as long as your code is never used
> in a context where the user can elevate their privileges/capabilities).
>

I see. Thanks.

--
Kerin Millar
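
The sanity check the quoted message calls for, as an added example that is not part of the thread or of anyone's posted code: the output-variable name is matched against a plain-identifier pattern before any assignment happens, so the `x[0$(date >&2)]` argument shown above is refused without being evaluated. The helper names `is_valid_name` and `assign_checked` are hypothetical.

```bash
# Added example. is_valid_name and assign_checked are hypothetical helper names.

# Succeeds only for a plain identifier: a letter or underscore followed by
# letters, digits or underscores. No subscripts, no expansions, not empty.
# The body runs in a subshell so that LC_ALL=C (which keeps the ranges
# ASCII-only) does not leak into the caller.
is_valid_name() (
    LC_ALL=C
    case $1 in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) false ;;
        *) true ;;
    esac
)

# assign_checked NAME VALUE: store VALUE in the caller's variable NAME.
# The name is validated first; only then is it handed to eval, the same
# assignment form as the quoted njobs. Once the name is known to be a plain
# identifier, the other forms named in the thread could be used instead.
assign_checked() {
    if ! is_valid_name "$1"; then
        echo "assign_checked: not a valid variable name" >&2
        return 2
    fi
    eval "$1=\$2"
}

# njobs from the thread, with the check in front of the assignment.
# A caller passing "_n" would still hit this function's own local.
njobs() {
    local _n
    _n=$(jobs | wc -l)
    assign_checked "$1" "$((_n))"   # $(( )) strips padding some wc versions add
}

# Demonstration with the argument from the thread: it is rejected, date never runs.
njobs walsh && echo "walsh=$walsh"
assign_checked 'x[0$(date >&2)]' 42 || echo "rejected (status $?)"
```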