FEATURE REQ: safe % expansion via new syntax

Nicolas Williams Nicolas.Williams at wdr.com
Tue Feb 1 16:54:49 GMT 2000

Proposal: There should be a way to specify that some substitutions
          should be made in a way that is safe as far as Bourne Shell
	  command lines are concerned (e.g., if %f expands to a string
	  with special characters in it, it should be expanded to a
	  sutiably quoted string in 'print command' parameters).

Either all parameters that eventually result in a /bin/sh command line
should expand special % tokens in this way or else there should be a way
to specify, in smb.conf, that this quoting take place. One way to do the
latter might be to have %"... work as %... would but in a safe way
Bourne Shell-quoting wise.

The %"... feature would require changes to:

 - standard_sub()
 - standard_sub_basic()
 - string_sub()
 - expand_env_var()

The * command feature would only require changes to functions that call

I'm thinking of %s and %f which expand to file names in 'print command'
parameters. I'm also thinking of the 'open command' and 'close command'
parameters implemented by a patch by Andy Bakun which allow
administrators to specify a command to be called when a file is opened
or closed.

Since those commands are run via smbrun() and, eventually, via /bin/sh,
any strings that may be passed in by users should be appropriately
quoted. IMNSHO.

The open/close command patch would allow me to set up shares for the
purpose of securely launching applications remotely without having to
deal with the horror of the 'magic script' parameter.

The 'magic script' parameter should be deprecated, IMNSHO, and Andy
Bakun's patch should be included, again, IMNSHO.

Security is not the only objective I have in mind: any file name should
work even if it contains special characters in it, provided it's a valid
name (most people would be surprised at what can be a valid file name!).

The relevant URLs are:



-DISCLAIMER: an automatically appended disclaimer may follow. By posting-
-to a public e-mail mailing list I hereby grant permission to distribute-
-and copy this message.-

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

More information about the samba-technical mailing list