Hi,
On Sunday, 27.03.2011, 08:16 +0530, Raj Mathur (राज माथुर) wrote:
On Sunday 27 Mar 2011, Binand Sethumadhavan wrote:
2011/3/27 Joachim Breitner mail@joachim-breitner.de:
grep -q "^$USER$" present
as discussed in the meeting, this is not sufficient. Safer would be $ fgrep -qx "$USER" present
Why is the first one not sufficient? Why is it unsafe?
Both are unsafe. Consider the user who enters his username as (literally):
Raj `rm -rf /`Mathur
Then your grep command translates to:
grep -q "^Raj `rm -rf /`Mathur$" present
and if your app is running as root, voila! no more files on your system! The user is marked present too :)
The OP needs to do much more thinking about input sanitisation.
No, this line is safe with $ fgrep -qx "$USER" present
Thanks to the quotes around $USER, the `...` part would not be executed. But the quotes should be around every use of USER; in the later part of the code, your exploit works.
Greetings, Joachim
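The two points made in this exchange, as an added example that is not part of the thread: a quoted variable's value is never re-parsed by the shell, so backticks inside it stay inert, while the original check still has a separate weakness because it interpolates the name into a regular expression. The "present" file and all names below are constructed test data; `grep -F` is used as the equivalent of `fgrep`.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds a throwaway "present" file
# and compares the two membership checks discussed above.

setup() {
    PRESENT_FILE=$(mktemp)
    INJ_DIR=$(mktemp -d)
    printf '%s\n' alice bob carol > "$PRESENT_FILE"   # constructed roster
    # Constructed input containing a command substitution. The backslashes make
    # the backticks part of the string's value; nothing runs at assignment.
    INJECTED="x\`touch $INJ_DIR/canary\`y"
}

cleanup() {
    rm -rf "$PRESENT_FILE" "$INJ_DIR"
}

# Original check: the name is interpolated into a regular expression.
regex_check() {
    grep -q "^$1$" "$PRESENT_FILE"
}

# Suggested check: -F (same as fgrep) treats the name as a literal string,
# -x requires it to match a whole line.
fixed_check() {
    grep -Fqx "$1" "$PRESENT_FILE"
}

# True only if the command embedded in INJECTED was ever executed.
injection_ran() {
    [ -e "$INJ_DIR/canary" ]
}

setup

# 1. Neither check executes the embedded command: "$USER" expands to a string,
#    and that string is handed to grep, not to the shell parser.
if regex_check "$INJECTED"; then echo "regex check: match?!"; else echo "regex check: not present"; fi
if fixed_check "$INJECTED"; then echo "fixed check: match?!"; else echo "fixed check: not present"; fi
if injection_ran; then echo "canary created: command ran"; else echo "canary absent: backticks were inert"; fi

# 2. The regex check is still fooled by metacharacters in the name; the
#    fixed-string, whole-line check is not.
if regex_check 'b.b'; then echo "regex check: 'b.b' accepted (matched bob)"; fi
if fixed_check 'b.b'; then :; else echo "fixed check: 'b.b' rejected"; fi
if regex_check '.*';  then echo "regex check: '.*' accepted (matches any line)"; fi
if fixed_check '.*';  then :; else echo "fixed check: '.*' rejected"; fi

cleanup
```

Running the script shows the canary file is never created by either check, while the regex form accepts 'b.b' and '.*' even though neither is a listed name; this is why the thread's advice is to use the fixed-string, whole-line form and to quote every use of the variable.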