Nicolas Williams wrote:
> On Sat, Jun 23, 2007 at 12:31:28PM -0500, Nicolas Williams wrote:
> > On Sat, Jun 23, 2007 at 12:18:05PM -0500, Nicolas Williams wrote:
> > > Couldn't wait for ZFS delegation, so I cobbled something together; see
> > > attachment.
> >
> > I forgot to slap on the CDDL header...
> 
> And I forgot to add a -p option here:
> 
> > #!/bin/ksh
> 
> That should be:
> 
> > #!/bin/ksh -p

Uhm... that's no longer needed for /usr/bin/ksh in Solaris 10 and ksh93
never needed it.

> Note that this script is not intended to be secure, just to keep honest
> people honest and from making certain mistakes.  Setuid-scripts (which
> this isn't quite) are difficult to make secure.

Uhm... why ? You only have to make sure the users can't inject
data/code. David Korn provided some guidelines for such cases, see
http://mail.opensolaris.org/pipermail/shell-discuss/2007-June/000493.html
(mainly avoid "eval", put all variable expensions in quotes, set IFS= at
the beginning of the script and harden your script against unexpected
input (classical example is $ myscript "$(cat /usr/bin/cat)" # (e.g. the
attempt to pass a giant binary string as argument))) ... and I am
currently working on a new shell code style guideline at
http://www.opensolaris.org/os/project/shell/shellstyle/ with more stuff.

----

Bye,
Roland

-- 
  __ .  . __
 (o.\ \/ /.o) [EMAIL PROTECTED]
  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
  /O /==\ O\  TEL +49 641 7950090
 (;O/ \/ \O;)
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss

Reply via email to