security considerations for: set x dir/[*] dir/*
- From: Lasse Kliemann <stu33404@xxxxxxxxxxxxxxxx>
- Date: Sun, 3 Dec 2006 20:30:04 +0100
set x ${dir?}/[*] ${dir?}/*
is a usefull construct to prepare an iteration over all files in a
directory ${dir}, taking into account the cases where ${dir} is empty
or contains a file with name *. I suspect that one can also use --
instead of the x, but I am not sure.
The following steps for the iteration are:
shift &&
case "${1?} ${2?}" in
${dir?}/\[\*\]\ ${dir?}/\*) return 0 ;;
*) : ;;
esac &&
shift &&
while test "$#" -ge 1; do
{
# ... do something with $1 ...
shift
} || return "$?"
done
This does not use any variables, apart from ${dir} and the positional
parameters. This is usefull in order to put this construct into a
general-purpose shell function, for shells that do not support local
variables.
However, I am not yet convinced 100% that this is secure in case the
contents of ${dir} is under the control of an attacker (and this shell
construct runs with some higher privileges). The x in the call to set
should prevent any surprises triggered by funny filenames, I guess.
Maybe someone likes to comment on this? Have I missed something?
Regards, Lasse
.
- Follow-Ups:
- Re: security considerations for: set x dir/[*] dir/*
- From: Stephane CHAZELAS
- Re: security considerations for: set x dir/[*] dir/*
- From: Michal Nazarewicz
- Re: security considerations for: set x dir/[*] dir/*
- Prev by Date: Re: Removing of Double Quotes from command output
- Next by Date: Re: How to use fuser?
- Previous by thread: Split -> Compress, Grep.
- Next by thread: Re: security considerations for: set x dir/[*] dir/*
- Index(es):
Relevant Pages
|
