[PATCH] RFC: shell-safe version of string_sub()?

Peter Samuelson peter at cadcamlab.org
Wed Oct 25 19:36:34 GMT 2000


[Nico Williams]
> Very, very cool.  I like this very much.

Thanks.

> But I am very grateful as this patch is very good, from a security
> point of view.

Perhaps, but note that it is not a silver bullet.  (Like a free lunch,
there ain't no such thing.)  It allows all manner of strange characters
in command arguments.  Sure, they are shell-escaped, but if your
command line is *itself* a shell script, that script had better be
careful!  So, unless you are very very experienced with shell scripting
and know the issues involved, I would recommend using something more
robust, such as C, Perl or Python.  Judging from the scripts I have
come across in my career as a Unix user, an overwhelming percentage are
not even close to weird-argument-safe -- so I must conclude that most
Unix users are *not* in fact very familiar with these issues.

> Hmmm, what about unicode/code pages? Will this patch work as intended?

Unicode: no.  The crt0.o argument passing convention specifies that
command-line arguments are seen as null-terminated strings.  Since
Unicode uses the null character a lot......  Basically you *can't* pass
raw Unicode strings on a command line -- so I hope Samba never tries.

As to alternate code pages: I don't know enough about them to give a
good answer.

Peter
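
The caveat in the message above, shown as an added example that is not part of the original post or of the Samba patch: a script that receives one correctly escaped argument can still break it apart by expanding it unquoted. The function names and the sample value are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added illustration (not from the original message or the Samba patch).
# The caller has done its job: the weird value arrives as ONE argument.
# What happens next depends entirely on how the script expands it.

# Report how many separate words the callee actually received.
count_words() {
    echo "$#"
}

# Careless handler: the unquoted expansion is split on whitespace and
# glob-expanded a second time by the shell running the script.
careless() {
    arg=$1
    count_words $arg
}

# Careful handler: the quoted expansion stays a single word, whatever it contains.
careful() {
    arg=$1
    count_words "$arg"
}

# Run both handlers on a constructed argument inside a scratch directory
# holding two files, so the glob has something to match.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/a.txt"
    : > "$dir/b.txt"
    weird='my report *.txt'    # constructed sample: spaces plus a glob character
    ( cd "$dir" && echo "careless=$(careless "$weird") careful=$(careful "$weird")" )
    rm -rf "$dir"
}

demo
```

The careless handler turns the single argument into four words (two from the spaces, two from the glob match), while the careful one keeps it as one.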



