On 06/15/2010 10:12 PM, vladz wrote:
> As '%' is transformed into newline (in do_command.c), what do you think 
> about transforming other chosen characters (as for example '@', '~') into
> carriage return and backspace control characters ? This could allow us to
> disallow the use of '\r' and '\b'.
> 
> For example, to launch something like: 
> 
>   $ nc domain.com 80
>   GET / HTTP/1.0\r\n\r\n
> 
> as a scheduled task, user would insert:
> 
>   "* * * * * nc domain.com 80%GET / HTTP/1...@%@%" into crontab.
> 
> instead of:
> 
>   "* * * * * nc domain.com 80%GET / HTTP/1.0\r%\r%"
> 
> which hides some part of the string when it is displayed with "crontab
> -l" or "cat /var/spool/cron/crontabs/<user>".

I had a similar idea. However, the approach above won't work, as it
breaks cases where an @ is required:

* * * * * cat /proc/diskstats | mail -s diskstats f...@bar.com

I went and took a look at the POSIX standard[1] to see if it contained a
solution we were missing. The standard says,

  The sixth field of a line in a crontab entry is a string that shall be
  executed by sh at the specified times. A percent sign character in
  this field shall be translated to a <newline>. Any character preceded
  by a backslash (including the '%' ) shall cause that character to be
  treated literally.

which -- apart from a \ at the end of a line for line continuation, and
escaping the % sign -- does not make much sense to me, because all other
characters are treated literally by default.

I'll have to look deeper into this, but in general, you are right -
we'll probably have to provide some form of character escaping for
special chars.

[1] http://www.opengroup.org/onlinepubs/000095399/utilities/crontab.html

> Changing the output of "crontab -l" may not be a good solution because
> commands such as "crontab -u user1 -l | crontab -u user2 -" won't
> properly work.

I agree, that solution has no merit.
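
The thread above turns on '\r' and '\b' hiding part of a crontab entry when it is displayed. As an added example (not part of the original messages and not cron's own code), the following Python sketch audits crontab text for control characters and renders them in caret notation so they can be seen. The function names are hypothetical, the first flagged sample line is the entry quoted in the thread, and the second is constructed.

```python
"""Audit crontab text for control characters that hide content on display."""


def is_control(ch):
    """True for C0/C1 control characters and DEL; tab is ordinary whitespace."""
    code = ord(ch)
    return ch != "\t" and (code < 0x20 or 0x7F <= code <= 0x9F)


def visible(text):
    """Render control characters in caret notation, as `cat -v` does."""
    out = []
    for ch in text:
        code = ord(ch)
        if not is_control(ch):
            out.append(ch)
        elif code < 0x20:
            out.append("^" + chr(code + 0x40))   # '\r' -> ^M, '\b' -> ^H
        elif code == 0x7F:
            out.append("^?")
        else:
            out.append("\\x%02x" % code)         # C1 controls, 0x80-0x9f
    return "".join(out)


def audit(crontab_text):
    """Return (line_number, control_chars, visible_line) per suspicious line."""
    findings = []
    for number, line in enumerate(crontab_text.split("\n"), start=1):
        bad = sorted({ch for ch in line if is_control(ch)})
        if bad:
            findings.append((number, bad, visible(line)))
    return findings


# Sample input: line 2 is the entry quoted in the thread, line 3 is constructed.
SAMPLE = (
    "0 3 * * * /usr/local/bin/backup.sh\n"
    "* * * * * nc domain.com 80%GET / HTTP/1.0\r%\r%\n"
    "0 3 * * * echo abc\b\b\bxyz\n"
)

if __name__ == "__main__":
    for number, bad, shown in audit(SAMPLE):
        codes = ", ".join(hex(ord(c)) for c in bad)
        print("line %d: control chars [%s]: %s" % (number, codes, shown))
```

The same `is_control` test could be applied when an entry is installed, to reject it outright rather than report it afterwards.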


