GAH! Bash script insanity

Chris Devers cdevers at pobox.com
Wed Jan 28 21:42:01 EST 2004


On Wed, 28 Jan 2004, Joshua Pollak wrote:

> On Jan 28, 2004, at 4:56 PM, Dan Barrett wrote:
> 
> > Your params file looked like a bash script anyhow, so why not either:
> >
> > [[ snip --c.d. ]]
> > c) have your make system do all of this
> 
> Well, this is a fairly rational idea. However, the one issue is that 
> each line is prepended by a platform modifier:
> 
> win32:PARAMETER=myParam
> unix:PARAMETER=myParam
> 
> I guess on Unix I could do something like:
> 
> sed -e 's/#.*//' user.cfg | sed -e 's/win32.*//' | sed -e 's/macx.*//' | source

Ignoring for a minute the riskiness of auto-executing random strings of
text, you don't need to call sed three times for a line like this:

    $ sed -e 's/#.*//'     \
          -e 's/win32.*//' \
          -e 's/macx.*//'  \
          user.cfg         \
    | source

And that's just broken across lines for readability; you can of course
collapse it back to one line in your script if you'd like.  

> would work... can you source stdin? Or would I just execute the output
> of the sed commands? The variables set there wouldn't get exported then
> though.... 

If piping to source doesn't work, you could always just direct your output
to a file, and then execute that file:

    $ sed -e 's/#.*//'     \
          -e 's/win32.*//' \
          -e 's/macx.*//'  \
          user.cfg         \
    > /tmp/sed.out
    $ source /tmp/sed.out

But things like this usually work without temp files. 

On the other hand, I'm still nervous about naively executing this kind of
arbitrary text string without attempting to examine it first. If you use
the trick of outputting to a file & then executing it, you at least have
some kind of audit trail of what got executed. Alternatively, you can save
the results to a variable, output that variable to a log file, then
execute that variable. 

    $ TMP=`sed -e 's/#.*//'     \
               -e 's/win32.*//' \
               -e 's/macx.*//'  \
               user.cfg`
    $ echo "`date`: $TMP" >> /var/log/loginscript.out
    $ eval "$TMP"    # run the logged text in the current shell

Or something like that. It's not perfect -- if the command in the string
really is `rm -rf /`, then you could lose /var/log/... along with
everything else on your system. 

But it's better than nothing.




-- 
Chris Devers
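
Added example (not from the thread): one way to act on the concern raised above is to skip `source` and `eval` entirely and treat each `platform:NAME=value` line as data, exporting only names on an allowlist and logging every decision. `load_params`, its allowlist argument and the sample file contents are assumptions of this sketch.

```bash
#!/bin/sh
# load_params FILE PLATFORM "ALLOWED NAMES" [LOGFILE]   (hypothetical helper)
# Exports NAME=value from "platform:NAME=value" lines without source or eval.
load_params() {
    local file="$1" platform="$2" allowed="$3" log="${4:-/dev/null}"
    local line rest name value ok rejected=0
    # Redirect (not a pipe) so the loop runs in this shell and exports stick.
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                  # drop comments, like s/#.*//
        case $line in
            "$platform":*=*) ;;           # our platform, assignment-shaped
            *) continue ;;                # other platform, blank, or junk
        esac
        rest=${line#"$platform":}
        name=${rest%%=*}
        value=${rest#*=}
        ok=no
        case $name in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) ;;     # not a plain identifier
            *) case " $allowed " in *" $name "*) ok=yes ;; esac ;;
        esac
        if [ "$ok" = yes ]; then
            printf '%s: set %s=%s\n' "$(date)" "$name" "$value" >> "$log"
            export "$name=$value"         # value stays data, never parsed
        else
            printf '%s: REJECTED: %s\n' "$(date)" "$line" >> "$log"
            rejected=$((rejected + 1))
        fi
    done < "$file"
    [ "$rejected" -eq 0 ]                 # non-zero if any line was refused
}

# Constructed sample input in the thread's format.
demo_dir=$(mktemp -d) || exit 1
cat > "$demo_dir/user.cfg" <<'EOF'
# constructed sample
win32:PARAMETER=winParam
unix:PARAMETER=myParam
unix:EXTRA=$(echo injected)
unix:PATH=/tmp/elsewhere
EOF
load_params "$demo_dir/user.cfg" unix "PARAMETER EXTRA" "$demo_dir/log" ||
    echo "some lines were refused; see the log:"
cat "$demo_dir/log"
echo "PARAMETER=$PARAMETER EXTRA=$EXTRA"
rm -rf "$demo_dir"
```

The command substitution in the `EXTRA` line ends up as literal text in the variable, and the `PATH` line is refused because it is not on the allowlist.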



