Differences

This shows you the differences between two versions of the page.

howto:conffile [2015/08/08 15:53]
bill_thomson
howto:conffile [2015/08/08 15:57]
bill_thomson
Line 69: Line 69:
 </​code>​ </​code>​
  
-You don't want these ''​echo''​-commands (which could be any other commands!) to be executed. One way to be a bit safer is to filter only the constructs you want, write the filtered results to a new file and source the new file. Also, we need to be careful that someome ​hasn'​t ​tacked on something nefarious ​to the end of one of our name=value parameters, perhaps using ; or && command separators. In those cases, perhaps it is simplest to just ignore the line entirely. Egrep (''​grep -E''​) will help us here, it filters by description:​+You don't want these ''​echo''​-commands (which could be any other commands!) to be executed. One way to be a bit safer is to filter only the constructs you want, write the filtered results to a new file and source the new file. We also need to be sure something nefarious ​hasn'​t ​been added to the end of one of our name=value parameters, perhaps using ; or && command separators. In those cases, perhaps it is simplest to just ignore the line entirely. Egrep (''​grep -E''​) will help us here, it filters by description:​
  
 <​code>​ <​code>​
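Review bot: The reworded sentence still names only ";" and "&&" as the ways something can be appended to a name=value line, which undersells what a sourced file can do. A value containing command substitution (backticks or "$(...)"), a pipe, a single "&" or a redirection is also executed when the file is sourced, so either list those alongside the separators or say here that the separators are only examples and point to the later caveat that the filter "doesn't prevent all methods of code execution". Minor style point on the same line: "Egrep will help us here, it filters by description" is a comma splice and would read better as two sentences.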
Line 87: Line 87:
 source "​$configfile"​ source "​$configfile"​
 </​code>​ </​code>​
-**__To make clear what it does:__** egrep checks if the file contains something we don't want, if yes, egrep filters the file and writes the filtered contents to a new file. If done, the original file name is changed to the name stored in the variable ''​configfile''​. ​Then file named by that variable is sourced, as if it were the original file.+**__To make clear what it does:__** egrep checks if the file contains something we don't want, if yes, egrep filters the file and writes the filtered contents to a new file. If done, the original file name is changed to the name stored in the variable ''​configfile''​. ​The file named by that variable is sourced, as if it were the original file.
  
 This filter allows only ''​NAME=VALUE''​ and comments in the file, but it doesn'​t prevent all methods of code execution. I will address that later. This filter allows only ''​NAME=VALUE''​ and comments in the file, but it doesn'​t prevent all methods of code execution. I will address that later.
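Review bot: The sentence just before the corrected one, "If done, the original file name is changed to the name stored in the variable configfile", is still ambiguous after this edit: it reads as if the file on disk were renamed. If what happens is that the variable is reassigned to point at the filtered copy, which the following "source "$configfile"" suggests, say that directly, for example "the variable configfile is then set to the name of the filtered file". Since the filtered copy is what gets sourced, the paragraph should also state where that new file is written and that the location must not be writable by other users. The closing "I will address that later" would be more useful as a link to the section that covers the remaining code-execution paths.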
  • howto/conffile.txt
  • Last modified: 2015/08/08 16:00
  • by bill_thomson