bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Execution of a data string


From: L. A. Walsh
Subject: Re: Execution of a data string
Date: Fri, 23 Sep 2016 12:21:34 -0700
User-agent: Thunderbird



Reuti wrote:
Am 22.09.2016 um 15:23 schrieb Greg Wooledge <address@hidden>:

On Wed, Sep 21, 2016 at 11:15:45PM -0400, address@hidden wrote:
declare -a "$string"       # results in execution of $string
declare -a a=($string)    # does not result in execution of $string
This is why you don't use the first form.  It's the same with eval --
if you don't have full control over the statement being eval'ed, then
you risk undesired code execution.
Even without `eval` it's dangerous, i.e. specifying solely $ExecuteThisData on 
the command line.
----
   It's amazing how much people expect to be protected from doing anything
stupid. *nix is not a walled garden (despite appearances it is heading in that
direction).




reply via email to

[Prev in Thread] Current Thread [Next in Thread]