On 11/26/2014 06:56 AM, Tim Chase wrote:
On 2014-11-26 00:04, Tim Daneliuk wrote:
someprog.py uname && sudo cat /etc/sudoers
vs.
someprog.py uname && echo "sudo cat /etc/suoders"
In the first instance, I need the sudo passoword, in the second I
don't.
This doesn't jibe with the pairs of quotes you sent and your request
for nesting. In most popular shells, the majority of your "quote"
characters don't actually quote anything:
bash$ echo // hello
hello
bash$ echo /* hello */
[returns all the items in my root directory, the word "hello",
along with all the sub-directories in the current directory]
bash$ echo this#and#that
this#and#that
bash$ echo this # and #that
this
and has problems with things like
someprog.py uname && su""do cat /etc/sudoers
someprog.py uname && s"ud"o cat /etc/sudoers
which my shell will parse valid execution of sudo.
<SNIP>
I am not writing in bash, but in python.
The specific program in question I am modifying is
one that takes a shell command and executes it remotely on many machines.
The problem I am trying to solve is to determine whether the user needs to
provide a sudo password or not. Right now, the program just naively checks
the arguments to see if .startswith("sudo'). As the example given illustrates,
that clearly fails if the sudo is given later in a longer pipeline.
Scanning the whole argument string for 'sudo' is better but will yield
false positives if the string is inside a quote of some sort. Since I have
to solve the problem for ' and " delimiters, I thought I'd generalize the
solution
for other strings possibly being quoted by other delimiters.
----------------------------------------------------------------------------
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
--
https://mail.python.org/mailman/listinfo/python-list
