Re: [Help-bash] bash suitable for parsing big files?
From: adrelanos
Subject: Re: [Help-bash] bash suitable for parsing big files?
Date: Sun, 15 Sep 2013 22:46:42 +0000
Chris Down:
> On 2013-09-14 04:21, adrelanos wrote:
>> This was another fine idea. I am now using:
>>
>> while read -r package status arch version_with; do
>> ...
>> done < <(dpkg-query --admindir="$dpkg_status_folder"
>> --showformat="\${Package}\t\${db:Status-Abbrev}\t\${Architecture}\t\${Version}\n"
>> --show \*)
>>
>> Is this safe from a security perspective (this is untrusted input) or
>> could a malformed dpkg status file containing things like "`$(echo a)`"
>> lead to code execution in bash?
>
> That entirely depends on where you are getting these variables from.
There is only one variable, dpkg_status_folder, and it's set by the
verification script itself, so it is trusted.
The dpkg-query binary is trusted, because it's the one from the machine
doing the verification.
The /var/lib/dpkg/status file, which dpkg-query will parse, is untrusted,
because it's read from the image.
So if we look again at
done < <(dpkg-query --admindir="$dpkg_status_folder"
--showformat="\${Package}\t\${db:Status-Abbrev}\t\${Architecture}\t\${Version}\n"
--show \*)
I could rephrase my question as: Is it possible that anything within
"done < <(...)" gets executed? For example, "dpkg-query
--showformat="\${Package}\t\${db:Status-Abbrev}\t\${Architecture}\t\${Version}\n"
--show \*" could return a bogus line containing "zenity-common ii
all $(echo a)".
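The `$(echo a)` question above, worked through as an added example that is not part of the original thread: a constructed stand-in for `dpkg-query --show` (no real dpkg database involved) emits a record carrying that payload, the same `while read -r` loop consumes it, and the functions return what the loop variable actually holds.

```shell
#!/bin/sh
# Added example, not code from the original thread. A constructed line shaped
# like the quoted dpkg-query --showformat output (Package, Status, Architecture,
# Version separated by tabs) carries the "$(echo a)" payload from the question.
# A pipe stands in for the "< <(...)" process substitution so that the script
# also runs under plain sh; the read -r behaviour is identical either way.

# Constructed stand-in for `dpkg-query --show`; no real dpkg database needed.
fake_dpkg_query() {
    printf 'zenity-common\tii \tall\t$(echo a)\n'
    printf 'bash\tii \tamd64\t4.2+dfsg-0.1\n'
}

# Returns the version field of the first record exactly as read stored it.
# read -r assigns the characters verbatim: command substitution, parameter
# expansion and globbing are never applied to data that arrives through read.
first_version_field() {
    fake_dpkg_query | {
        first=""
        while read -r package status arch version_with; do
            if [ -z "$first" ]; then
                first=$version_with
            fi
        done
        printf '%s' "$first"
    }
}

# Number of records seen; each input line is one loop iteration, nothing else.
record_count() {
    fake_dpkg_query | {
        n=0
        while read -r package status arch version_with; do
            n=$((n + 1))
        done
        printf '%s' "$n"
    }
}

# The stored text only turns into code if the script later hands it back to
# the shell parser, e.g. through eval. That is the pattern to keep untrusted
# fields away from; the plain variable use above never triggers it.
unsafe_reparse() {
    eval "v=$1"
    printf '%s' "$v"
}

printf 'first version field, as stored by read -r: %s\n' "$(first_version_field)"
printf 'records: %s\n' "$(record_count)"
```

The stored field compares equal to the literal string `$(echo a)`; only `unsafe_reparse` (the eval anti-pattern) makes it evaluate to `a`.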