"sharks" shar checking script
Rich Morin
rdm at hoptoad.uucp
Thu Oct 2 03:32:03 AEST 1986
In article <1814 at utah-gr.UUCP>, thomas at utah-gr.UUCP (Spencer W. Thomas) writes:
>
> Unfortunately, this nice idea is insufficient against the determined
> system cracker. (demonstrates nifty backquote gotcha...)
>
> Oh well.
>
You're right, of course, and thanks for the input. I think that two
responses are appropriate:
1 Modify sharks to look for "unquoted" here documents with
backquotes in them. The following script (run under sh on
a Sun.) shows that only the "nq" example fires.
:
: tst
:
cat << eof
`echo nq`
eof
cat << \eof
`echo bs`
eof
cat << 'eof'
`echo sq`
eof
cat << "eof"
`echo dq`
eof
2 Write a script (flipper?) to change unquoted here documents
into quoted ones. This may be a problem if there is a good
reason for leaving the here document unquoted, but maybe a
conservative approach is justified, even so. Besides, only
"suspicious" files would have to be so modified...
I am working on both of these approaches, and should post the results
soon. I will try to keep from being offended by postnews's apparent
reluctance to put my tiny (~100 line) offerings into net.sources. I
realize that C programmers hardly get started in 100 lines, while a
shell scripter is usually done by then...
Please post (or E-mail, as appropriate) other gotchas as you find them.
If an insurmountable gotcha is found, I can give up (or accept the
imperfection). Otherwise, a useful tool may evolve...
-Rich
--
Richard Morin, proprietor {hoptoad,leadsv,lll-lcc}!cfcl!rdm
Canta Forda Computer Lab. +1 415 994 6860
Post Office Box 1488 Full spectrum consulting services
Pacifica, CA 94044 USA for science and engineering.
More information about the Comp.sources.bugs
mailing list