Hi,
Am Sonntag, den 27.03.2011, 12:52 +0530 schrieb Osric Fernandes:
2011/3/27 Raj Mathur (राज माथुर):
On Sunday 27 Mar 2011, Joachim Breitner wrote:
No, this line is safe with $ fgrep -qx "$USER" present
Thanks to the quotes around $USER, the `...` part would not be executed. But the quotes should be around every use of USER, in the later part of the code your exploit works.
As Binand pointed out in personal mail, you are absolutely correct and the shell will not interpret `...` commands in a variable read from a user.
So, given BASH's treatment of quoted variables, is there any difference between the two?
grep -q "^$USER$" present fgrep -qx "$USER" present
yes. If present contains:
Anup Deepak
and $USER is set to “.*” then the first one will return true (because the regular expression .* matches at least one line in present) while the second will correctly say that it is not in present.
You have to distinguish between special characters interpreted by bash and special characters interpreted by grep.
Greetings, Joachim