Page 1 of 1
When scripting goes wrong.
Posted: Mon 04 Feb 2013, 05:01
by jpeps
Okay..I was nice and added a test directory. The "greetings" directory could have been installed in /root
Code: Select all
#!/bin/sh
mkdir -p /tmp/test/greetings
Greeting="In thanks for the wonderful time we've spent together"
echo "$Greeting"
touch /tmp/test/greetings/thanks.txt
echo $Greeting > /tmp/test/greetings/thanks.txt
MyGreetings ="greetings/thanks.txt"
## clean
rm -r "/tmp/test/$MyGreetings"
cd /tmp/test
Posted: Mon 04 Feb 2013, 10:36
by amigo
Was there a question in there somewhere?
Posted: Mon 04 Feb 2013, 16:47
by jpeps
amigo wrote:Was there a question in there somewhere?
Nothing you'd be able to answer.
Posted: Mon 04 Feb 2013, 17:49
by L18L
my console wrote:# MyGreetings ="greetings/thanks.txt"
bash: MyGreetings: command not found
#
HTH
Posted: Mon 04 Feb 2013, 18:23
by jpeps
L18L wrote:my console wrote:# MyGreetings ="greetings/thanks.txt"
bash: MyGreetings: command not found
#
HTH
..and the test directory was wiped out. If it had been placed in /root/greetings/thanks.txt, the root directory would be gone.
Code: Select all
/mnt/sda2/Desktop # ./testit
In thanks for the wonderful time we've spent together
./testit: line 14: MyGreetings: command not found
./testit: line 21: cd: /tmp/test: No such file or directory
Posted: Tue 05 Feb 2013, 09:47
by L18L
jpeps wrote:..and the test directory was wiped out...
Not if
#rm -r "/tmp/test/$MyGreetings"
[ -f $MyGreetings ] && rm -r "/tmp/test/$MyGreetings"
or does a "halt on all errors" exist?
Posted: Tue 05 Feb 2013, 17:10
by jpeps
Not if
#rm -r "/tmp/test/$MyGreetings"
[ -f $MyGreetings ] && rm -r "/tmp/test/$MyGreetings"
That would still wipe out your test directory.
[ $MyGreetings ] && rm -r "/tmp/test/$MyGreetings" would provide safety.
edit:
adding quotes seems to work:
[ -f "$MyGreetings" ]
Bash is a bit temperamental.
In the above scenario, you only have one shot at having it all correct.
Posted: Tue 05 Feb 2013, 19:07
by amigo
Are you sure it's even bash? Isn't your /bin/sh a link to busybox?
Posted: Tue 05 Feb 2013, 21:19
by jpeps
amigo wrote:Are you sure it's even bash? Isn't your /bin/sh a link to busybox?
No; ash is linked to busybox. That's inconsequential, however. The results are the same.
Code: Select all
lrwxrwxrwx 1 root root 4 2011-09-16 23:00 /bin/sh -> bash
GNU bash, version 4.1.0(1)-release (i686-pc-linux-gnu)
Posted: Wed 06 Feb 2013, 08:29
by amigo
It's far from inconsequential which exact shell is being used to run a script. No two of them support exactly the same features and syntax. So, many scripts which simply point to /bin/sh assume features which may or may not be there on another system.
Posted: Wed 06 Feb 2013, 15:32
by jpeps
amigo wrote:It's far from inconsequential which exact shell is being used to run a script. No two of them support exactly the same features and syntax. So, many scripts which simply point to /bin/sh assume features which may or may not be there on another system.
It's a simple script that wipes out the mother directory, either with bash or with ash.
Posted: Sat 16 Feb 2013, 00:00
by Ibidem
This is what
is for, according to Google.
Amigo: the problem is the space between MyGreetings and ="greetings/thanks.txt", which makes any shell assume you meant "execute MyGreetings with the parameter =greetings/thanks.txt"
Then, when you try to use the variable MyGreetings, it's empty.
Now if someone malicious had exported MyGreetings=../../sbin/init just before you executed this...
And then there's the chance that someone dropped an executable by that name somewhere.
I usually use
Posted: Sun 24 Feb 2013, 16:15
by jpeps
Ibidem wrote:This is what
is for, according to Google.
Amigo: the problem is the space between MyGreetings and ="greetings/thanks.txt", which makes any shell assume you meant "execute MyGreetings with the parameter =greetings/thanks.txt"
Then, when you try to use the variable MyGreetings, it's empty.
Now if someone malicious had exported MyGreetings=../../sbin/init just before you executed this...
And then there's the chance that someone dropped an executable by that name somewhere.
I usually use
Typically, spaces are commonly used when declaring variables, for example in java or C,
and wouldn't have a protective "test" directory to prevent deletion of the parent directory.