On Sat, May 12, 2007 at 01:05:49AM -0600, Philip Guenther wrote:
> Shell syntax, including pipes and redirections, is only special when
> it was part of the literal shell input or part of the arguments to the
> 'eval' builtin. In your case, the shell read the command
> ${dump} ${file}
> and didn't see any syntax characters or keywords, so that's going to
> be handled after variable expansion and word-splitting as a single
> command and its arguments.
>
> The solution is to use eval to tell the command to reparse after the
> variables are expanded:
> eval "${dump} ${file}"
>
> Now, for this case, that will work just fine and is only slightly more
> fragile than your existing script. I mean, your existing script will
> behave badly if someone accidentally sticks whitespace or a filename
> globbing character into one of those variables. The eval just means
> that those would behave _extra_ badly, and some other punctuation
> would be dangerous in those variables, such as backquotes,
> dollarsigns, pipes, etc.
>
> If this script needed to be robust when given such values in
> variables, or could be passed untrusted input, then you would need to
> think very carefully about when the various expansion would be done.
> I would probably write the relevant lines like this:
>
> # Look closely: that's equal-sign, single-quote, double-quote,
> dollar-sign...
> cmd='"${dump}" "-${level}${dump_flags}" "${device}" | gzip -9'
> if [[ ! -z ${encryption} ]]; then
> cmd="${cmd}"' | "${encryption}" -pass "file:${conf}.passwd"
> -out'
> else
> cmd="${cmd} -o"
> fi
> eval "${cmd}"' "${file}"'
>
> With that, the only variable expanded before the eval is processed is
> 'cmd'. Everything else is only processed once, in the 'eval'
> processing, *and* they're all inside double-quotes for that expansion,
> so no whitespace splitting or shell-globbing will affect them.
OK, thanks for the help. These are my results. Basically I could not get
it to work with single quoting when assembling the cmd line:
1) 1st attempt:
dmp_cmd='"${dump}" "-${level}${dump_flags}" "${device}" | gzip -9'
[[ ! -z ${encryption} ]] && dmp_cmd="${dmp_cmd}"' | "${encryption}" -pass
"file:${conf}.passwd"'
[ ${debug} ] && echo "${dmp_cmd} > ${file}\n\n"
eval "${dmp_cmd}"' > "${file}"'
+ dump=dump
+ dump_flags=anu -f - -h 0
+ encryption=openssl enc -bf -salt
+ conf=/etc/dumpster/teak.dumpster_slices.conf
+ level=6
+ device=/dev/wd0e
"${dump}" "-${level}${dump_flags}" "${device}" | gzip -9 | "${encryption}"
-pass "file:${conf}.passwd" >
/tmp/tmp.DPiaA31052/teak/_var_named_6_Friday.dump.gz.crypto
dump: /usr/local/site/sbin/dumpster_slices: openssl enc -bf -salt: not found
unknown option --
usage: dump [-0123456789acnu] [-B records][-b blocksize] [-d density] [-f file]
[-h level] [-s feet] [-T date] filesystem
dump [-W | -w]
2) dropped off the encryption:
dmp_cmd='"${dump}" "-${level}${dump_flags}" "${device}" | gzip -9'
[ ${debug} ] && echo "${dmp_cmd} > ${file}\n\n"
eval "${dmp_cmd}"' > "${file}"'
"${dump}" "-${level}${dump_flags}" "${device}" | gzip -9 >
/tmp/tmp.XnjPs17554/teak/_var_named_6_Friday.dump.gz
dump: unknown option --
3) dropped off the debug echo:
dmp_cmd='"${dump}" "-${level}${dump_flags}" "${device}" | gzip -9'
eval "${dmp_cmd}"' > "${file}"'
dump: unknown option --
4) Changed the order of the eval line:
dmp_cmd='"${dump}" "-${level}${dump_flags}" "${device}" | gzip -9'
eval "${dmp_cmd} > "' "${file}"'
dump: unknown option --
5) Dropped the single quotes from the eval line:
dmp_cmd='"${dump}" "-${level}${dump_flags}" "${device}" | gzip -9'
eval "${dmp_cmd} > ${file}"
dump: unknown option --
6) Reverted to the 1st eval line & re-added debug echo
dmp_cmd='"${dump}" "-${level}${dump_flags}" "${device}" | gzip -9'
[ ${debug} ] && echo "${dmp_cmd}\n\n"
eval "${dmp_cmd}"' > "${file}"'
"${dump}" "-${level}${dump_flags}" "${device}" | gzip -9
dump: unknown option --
7) Dropped the single quotes from the cmd assembly line & viola
dmp_cmd="${dump} -${level}${dump_flags} ${device} | gzip -9"
[ ${debug} ] && echo "${dmp_cmd}\n\n"
eval "${dmp_cmd}"' > "${file}"'
dump -6anu -f - -h 0 /dev/wd0e | gzip -9
DUMP: Date of this level 6 dum....
8) Added the single quoted encryption line back in:
dmp_cmd="${dump} -${level}${dump_flags} ${device} | gzip -9"
[[ ! -z ${encryption} ]] && dmp_cmd="${dmp_cmd}"' | "${encryption}" -pass
"file:${conf}.passwd"'
[ ${debug} ] && echo "${dmp_cmd}\n\n"
eval "${dmp_cmd}"' > "${file}"'
dump -6anu -f - -h 0 /dev/wd0e | gzip -9 | "${encryption}" -pass
"file:${conf}.passwd"
/usr/local/site/sbin/dumpster_slices: openssl enc -bf -salt: not found
DUMP: Date of this level 6 dum...
-rw-r--r-- 1 root wheel 0 May 12 17:15 _var_named_6_Friday.dump.gz.crypto
-rw-r--r-- 1 root wheel 110 May 12 17:15
_var_named_6_Friday.dump.gz.crypto.digest
9) Altered the encryption line to double quotes only:
dmp_cmd="${dump} -${level}${dump_flags} ${device} | gzip -9"
[[ ! -z ${encryption} ]] && dmp_cmd="${dmp_cmd} | ${encryption} -pass
file:${conf}.passwd"
[ ${debug} ] && echo "${dmp_cmd}\n\n"
eval "${dmp_cmd}"' > "${file}"'
dump -6anu -f - -h 0 /dev/wd0e | gzip -9 | openssl enc -bf -salt -pass
file:/etc/dumpster/teak.dumpster_slices.conf.passwd
DUMP: Date of this le....
-rw-r--r-- 1 root wheel 1784 May 12 17:19 _var_named_6_Friday.dump.gz.crypto
-rw-r--r-- 1 root wheel 110 May 12 17:19
_var_named_6_Friday.dump.gz.crypto.digest
>
> Alternatively, there's this version:
> # disable globbing
> set -f
> # disable word-splitting of the result of variable or
> command-expansion
> IFS=
> cmd='${dump} -${level}${dump_flags} ${device} | gzip -9'
> if [[ ! -z ${encryption} ]]; then
> cmd="${cmd}"' | ${encryption} -pass file:${conf}.passwd -out'
> else
> cmd="${cmd} -o"
> fi
> eval ${cmd} \${file}
>
10)
set -f
IFS_ORIG=$IFS
IFS=
dump='${dump} -${level}${dump_flags} ${device} | gzip -9'
[ ${debug} ] && echo "${dmp_cmd}\n\n"
eval ${cmd} > \${file}
IFS=$IFS_ORIG
sha1: cannot open /tmp/tmp.pTDtWpW413/teak/_var_named_6_Friday.dump.gz:
No such file or directory
What is my best course of action here? #9 "works" for me at the moment.
>
> Philip Guenther
--
Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
