Change the question to not assume risk.
fuumind

Consider the following:

$ a='friend'
$ b='printf "%s\n" "$a"'
$ eval "$b"
friend

This should be completely safe. Let's however say that $b is the same but $a is unknown. Are there any security implications then to eval "$b" and if so, what can I do to mitigate them?

corrected the use of printf and added its output to the blockquote
fuumind

Consider the following:

$ a='friend'
$ b='printf "%s\n" "$a"'
$ eval "$b"
friend

This should be completely safe. Let's however say that $b is the same but $a is unknown. What security implications are there then to eval "$b" and what can I do to mitigate them?

fuumind

Security implications of executing strings using eval in bash

Consider the following:

$ a='friend'
$ b='printf "$a"'
$ eval "$b"

This should be completely safe. Let's however say that $b is the same but $a is unknown. What security implications are there then to eval "$b" and what can I do to mitigate them?
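The following is an added example, not part of the original post or its revisions. It checks what `eval "$b"` does when `$a` holds shell syntax, both for the single-quoted `b` from the question and for the first revision's `printf "$a"`. It goes beyond the question by adding a double-quoted `b` for contrast; the function names and the value of `hostile` are constructed for illustration.

```bash
#!/bin/sh
# Constructed test value: if it is ever parsed as shell code, it sets MARKER.
hostile='x"; MARKER=executed; : "'

# The question's form: b is single-quoted, so it holds the literal text
#   printf "%s\n" "$a"
# eval parses that fixed text, then expands "$a" as data only.
deferred_expansion() (
    a=$1; MARKER=clean
    b='printf "%s\n" "$a"'
    eval "$b" >/dev/null
    printf '%s\n' "$MARKER"
)

# Contrast (not from the question): b is double-quoted, so the value of $a
# is pasted into the string before eval parses it, and becomes code.
early_expansion() (
    a=$1; MARKER=clean
    b="printf \"%s\n\" \"$a\""
    eval "$b" >/dev/null
    printf '%s\n' "$MARKER"
)

# First revision's form: $a is used as the printf format, so % and
# backslash sequences in it are interpreted instead of printed.
format_from_data() (
    a=$1
    b='printf "$a"'
    eval "$b"
)

# Later revisions' form: fixed format, $a passed as an argument.
format_fixed() (
    a=$1
    b='printf "%s\n" "$a"'
    eval "$b"
)

echo "deferred: $(deferred_expansion "$hostile")"
echo "early:    $(early_expansion "$hostile")"
echo "format from data: $(format_from_data 'A%sB')"
echo "fixed format:     $(format_fixed 'A%sB')"
```

The deciding factor is whether `$a` is still an unexpanded reference in the string handed to `eval`, or has already been substituted into it.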