[PATCH] RFC: shell-safe version of string_sub()?
Peter Samuelson
peter at cadcamlab.org
Wed Oct 25 19:36:34 GMT 2000
[Nico Williams]
> Very, very cool. I like this very much.
Thanks.
> But I am very grateful as this patch is very good, from a security
> point of view.
Perhaps, but note that it is not a silver bullet. (Like a free lunch,
there ain't no such thing.) It allows all manner of strange characters
in command arguments. Sure, they are shell-escaped, but if your
command line is *itself* a shell script, that script had better be
careful! So, unless you are very very experienced with shell scripting
and know the issues involved, I would recommend using something more
robust, such as C, Perl or Python. Judging from the scripts I have
come across in my career as a Unix user, an overwhelming percentage are
not even close to weird-argument-safe -- so I must conclude that most
Unix users are *not* in fact very familiar with these issues.
> Hmmm, what about unicode/code pages? Will this patch work as intended?
Unicode: no. The crt0.o argument passing convention specifies that
command-line arguments are seen as null-terminated strings. Since
Unicode uses the null character a lot...... Basically you *can't* pass
raw Unicode strings on a command line -- so I hope Samba never tries.
As to alternate code pages: I don't know enough about them to give a
good answer.
Peter
More information about the samba-technical
mailing list