Benjamin Smith wrote:
> On Tuesday 26 February 2008, Ralph Angenendt wrote:
>>> There is no mechanism for escaping untrusted input?
>> Correct. At least there's no magic quoting function.
> WHY THE @!#! NOT?!?!?
>
> Bash is used, extensively in many cases, to deal with untrusted data. This can
> include random file names in user home directories, parameters on various
> scripts, etc. It's highly sensitive to being passed characters that have,
> over the past NN years, resulted in quite a number of security holes and
> problems. Perl is probably better for this.
>
> Yet there exists NO MECHANISM for simply ensuring that a given argument is an
> escaped string?
>
> How many "homebrew" ISP or hosting administration scripts could be compromised
> by simply putting a file in your home directory called ";rm -rf /" ?

why would you do that... it'd be much more interesting to do something like
";usermod -u 0 mylogin"

--
Milton Calnek BSc, A/Slt(Ret.)
milton at calnek.com
306-717-8737
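
The failure mode discussed in this thread, next to two ways a script can avoid it, as an added example that is not part of the original message. The file name is constructed with a harmless `echo` payload, and `show_args`, `run_unsafe`, `run_quoted`, `run_escaped` and `shell_quote` are hypothetical names.

```shell
#!/bin/sh
# Constructed sample: a hostile file name of the kind discussed above,
# carrying a harmless payload (echo) instead of a destructive command.
hostile_name=';echo INJECTED'

# Hypothetical stand-in for the command an admin script runs per file:
# prints how many arguments it received and the first one.
show_args() { printf '%d:%s\n' "$#" "$1"; }

# Unsafe: the name is pasted into a string that the shell parses again,
# so ';' ends the first command and the rest runs as a second command.
run_unsafe() { eval "show_args $1"; }

# Safe: nothing is re-parsed. A double-quoted expansion is always passed
# as exactly one argument, whatever characters it contains.
run_quoted() { show_args "$1"; }

# For the cases where a string must be re-parsed (eval, sh -c, ssh):
# wrap the value in single quotes and rewrite each embedded ' as '\''.
# bash's builtin printf '%q' produces an equivalent escaped form.
shell_quote() (
    # The 'x' sentinel stops $(...) from stripping trailing newlines.
    q=$(printf '%sx' "$1" | sed "s/'/'\\\\''/g")
    printf "'%s'" "${q%x}"
)

# Safe re-parse: the escaped form reads back as a single word.
run_escaped() { eval "show_args $(shell_quote "$1")"; }

echo "unsafe:";  run_unsafe  "$hostile_name"
echo "quoted:";  run_quoted  "$hostile_name"
echo "escaped:"; run_escaped "$hostile_name"
```

In `run_unsafe` the helper receives zero arguments and the payload runs on its own; in the other two the whole name arrives as one argument and nothing else executes.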