This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: ssh-host-config eval password bug


Eric Blake wrote:
> The eval is still reasonable, but with proper quoting:
>
> if eval cygrunsrv ... -y tcpip "${cygwin_env}"

No, that's not true. It is impossible to safely eval arbitrary user input. Your simple quote doesn't help much:

# x="ok;ls"
# eval echo "${x}"

For more in-depth information, read this:
http://mywiki.wooledge.org/BashFAQ/048

- Ian Kelling
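
The re-parsing described in this message, shown beside two forms that avoid `eval`, as an added example that is not part of the original message or of ssh-host-config. `run_service` is a hypothetical stand-in for the `cygrunsrv` call, and the sample value is constructed.

```shell
#!/bin/sh
# Added example. run_service is a hypothetical stand-in for cygrunsrv:
# it only reports how many arguments it received and what they were.
run_service() {
    printf 'argc=%d' "$#"
    for a in "$@"; do printf ' [%s]' "$a"; done
    printf '\n'
}

# Form from the thread: the quotes are consumed before eval runs, so eval
# re-parses the expanded value as shell source and ';' ends the command.
with_eval() {
    eval run_service -e "$1"
}

# No eval: the quoted expansion reaches the command as exactly one argument,
# whatever characters it contains.
without_eval() {
    run_service -e "$1"
}

# When some arguments are optional, build the argument list in "$@"
# instead of assembling a string that needs eval.
with_positional() {
    value=$1
    set -- -y tcpip
    if [ -n "$value" ]; then
        set -- "$@" -e "$value"
    fi
    run_service "$@"
}

# Constructed sample input standing in for a user-supplied value.
sample='ok;echo INJECTED'
with_eval "$sample"        # second command from the value is executed
without_eval "$sample"     # value stays a single argument
with_positional "$sample"  # same, with optional arguments
```
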

