[CentOS] bash - safely pass untrusted strings?
Stephen Harris
lists at spuddy.org
Tue Feb 26 23:37:26 UTC 2008
On Tue, Feb 26, 2008 at 03:30:02PM -0800, Benjamin Smith wrote:
> Exactly. Here's my example:
>
> $ ls -laFd *
You're doing it wrong:
ls -laFD -- *
> ls -l "$file";
You're doing it wrong:
ls -l -- "$file"
> $ /bin/bash ./script3.sh *
You're doing it wrong:
bash ./script3.sh "*"
(I already addressed why that is in an earlier message; you're doing two
levels of shell parsing by calling the script in that odd way)
--
rgds
Stephen
More information about the CentOS
mailing list