topic Re: echo command in Operating System - HP-UX

echo command

malay boy — Tue, 29 May 2007 00:30:43 GMT

Hi ,
I have this script test.sh as below:

for x in "${*}"
do
echo $x > /tmp/rub.log
done

But the problem is is if I do below :

./test.sh `pwd`

when I do :

#more /tmp/rub.log
/tmp

What i intend to do is so that even if I put in

#./test.sh `pwd`
#more /tmp/rub.log
`pwd`

any help please

Regards
mB

Re: echo command

Steven Schweda — Tue, 29 May 2007 01:05:38 GMT

The shell expands:
`pwd`
into:
/tmp
(or whatever it is), so your script sees
only:
/tmp
(or whatever), not:
`pwd`
.

You could use apostrophes to quote the thing:
./test.sh '`pwd`'

Re: echo command

malay boy — Tue, 29 May 2007 01:23:39 GMT

Thanks ..

But the problem is i cannot control the user input ..

So we might have user doing ./test.sh `rm -rf *` and it will damage the system.

We are trying to play around with the script whether we can avoid this.

Any idea how ?

Re: echo command

Andrew Young_2 — Tue, 29 May 2007 01:25:50 GMT

Hi.

The other way would be to Escape the special characters instead of putting them in quotes.

So it would read

#./test.sh \`pwd\`

The problem with quoting is that shells evaluate single quotes(') and double quotes (") differently and this can be confusing especially to shell script novices.

HTH

Andrew Y

Re: echo command

Steven Schweda — Tue, 29 May 2007 01:40:37 GMT

> So we might have user doing ./test.sh
> `rm -rf *` and it will damage the system.

If the user can damage the system that way,
then why couldn't he do it more easily by
just saying:
rm -rf *
?
Why would he need your script to cause
trouble?

> We are trying to play around with the
> script whether we can avoid this.

Good luck. As I said, your script never
sees:
`pwd`
or:
`rm -rf *`
The shell evaluates those expressions before
it passes the output to your script.

Re: echo command

Dennis Handly — Tue, 29 May 2007 02:35:21 GMT

It is silly to do this: "${*}"
It is the same as ${*}. If you want each quoted you must use: "${@}"

Re: echo command

Tony Abo — Wed, 30 May 2007 07:47:53 GMT

It sounds like you really want to write your own shell so you can parse the commands yourself and decide what is or isn't appropriate to execute.

There is the restricted shell (rsh) that prevents certain kinds of command execution.

Re: echo command

Tony Berry — Fri, 01 Jun 2007 16:00:32 GMT

I think the other Tony is closest... sounds like mB wants to create a chroot'd jailed shell for users. HP-UX Restricted shell might be the easiest, unless he wants his users to have very limited abilities, then he should probably just write a 'case' statement script:

case ${RSH_CMD} in
rm)
echo "No way, Jose."
;;
ls)
/usr/bin/ls
;;
mv)
if [ "${USERNAME}" = "Tony" ]; then
/usr/bin/mv
else
echo "No way, Jose."
fi
;;
*)
echo "Not a supported command."
;;
esac

Anyway, you get the idea.