Hi,

On Sunday, 27.03.2011, at 08:16 +0530, Raj Mathur (राज माथुर) wrote:
> On Sunday 27 Mar 2011, Binand Sethumadhavan wrote:
> > 2011/3/27 Joachim Breitner <[email protected]>:
> > >> grep -q "^$USER$" present
> > >
> > > as discussed in the meeting, this is not sufficient. Safer would be
> > > $ fgrep -qx "$USER" present
> >
> > Why is the first one not sufficient? Why is it unsafe?
>
> Both are unsafe. Consider the user who enters his username as
> (literally):
>
> Raj `rm -rf /`Mathur
>
> Then your grep command translates to:
>
> grep -q "^Raj `rm -rf /`Mathur$" present
>
> and if your app is running as root, voila! no more files on your system!
> The user is marked present too :)
>
> The OP needs to do much more thinking about input sanitisation.

No, this line is safe with
$ fgrep -qx "$USER" present
Thanks to the quotes around $USER, the `...` part would not be executed.
But the quotes should be around every use of USER; in the later part of
the code your exploit works.

Greetings,
Joachim

-- 
Joachim Breitner
  e-Mail: [email protected]
  Homepage: http://www.joachim-breitner.de
  ICQ#: 74513189
  Jabber-ID: [email protected]
-- http://mm.glug-bom.org/mailman/listinfo/linuxers
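
The two checks discussed in this thread, side by side, as an added example that is not part of the original messages. The function names, the attendance list and the test names are constructed; `grep -F -q -x` is the current spelling of `fgrep -qx`, and the backticks in the test value wrap only a harmless `touch`.

```sh
#!/bin/sh
# Added example; file contents and names below are constructed.

# Regex form from the thread: the name is interpreted as a pattern.
present_regex() {                 # $1 = name, $2 = attendance file
    grep -q "^$1\$" "$2"
}

# Fixed-string, whole-line form (fgrep -qx is grep -F -q -x).
# "--" keeps a name that begins with "-" from being read as an option.
present_fixed() {
    grep -F -q -x -- "$1" "$2"
}

# Returns 0 when a name carrying backticks is treated purely as data:
# no match in the file and the harmless `touch` inside it never ran.
substitution_stays_inert() {
    dir=$(mktemp -d) || return 2
    printf 'alice\nbob\n' > "$dir/present"
    name='bob`touch '"$dir"'/marker`'   # single quotes: backticks stay literal
    ok=0
    if present_fixed "$name" "$dir/present"; then ok=1; fi
    if [ -e "$dir/marker" ]; then ok=1; fi
    rm -rf "$dir"
    return "$ok"
}

# Demo: compare both checks on a constructed list.
demo_file=$(mktemp)
printf 'alice\nbob\n' > "$demo_file"
for name in 'bob' '.*' 'b.b'; do
    if present_regex "$name" "$demo_file"; then r=match; else r=no; fi
    if present_fixed "$name" "$demo_file"; then f=match; else f=no; fi
    printf '%-4s regex=%-5s fixed=%s\n' "$name" "$r" "$f"
done
if substitution_stays_inert; then echo 'backticks in the value: not executed'; fi
rm -f "$demo_file"
```

The regex form reports `.*` and `b.b` as present although neither name is in the list, while the fixed-string form accepts only the exact line.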

