安全的方式来计算的设置环境变量 [英] Safe way to set computed environment variables

问题描述

我有我修改，以接受来自标准输入键值对一个bash脚本。 （它是由xinetd的催生。）我怎样才能安全地转换这些键值对到环境变量的子进程？

I have a bash script that I am modifying to accept key=value pairs from stdin. (It is spawned by xinetd.) How can I safely convert those key=value pairs into environment variables for subprocesses?

我打算只允许用predefined preFIXCMK_开始键，以避免IFS或任何其他危险的变量得到设置。但简单的方法

I plan to only allow keys that begin with a predefined prefix "CMK_", to avoid IFS or any other "dangerous" variable getting set. But the simplistic approach

function import ()
{
    local IFS="="
    while read key val; do
        case "$key" in CMK_*)
            eval "$key=$val";;
        esac
    done
 }

是可怕的不安全，因为$ VAL可以包含各种肮脏的东西。这似乎是它的工作：

is horribly insecure because $val could contain all sorts of nasty stuff. This seems like it would work:

shopt -s extglob
function import ()
{
    NORMAL_IFS="$IFS"
    local IFS="="
    while read key val; do
        case "$key" in CMK_*([a-zA-Z_]) )
            IFS="$NORMAL_IFS"
            eval $key='$val'
            export $key
            IFS="="
            ;;
        esac
    done
 }

但（1）它使用了我以前从未使用过的时髦extglob的事情，（2）它的复杂，以至于我不能自如，它是安全的。

but (1) it uses the funky extglob thing that I've never used before, and (2) it's complicated enough that I can't be comfortable that it's secure.

我的目标，具体而言，就是让键=值设置通过bash脚本传递到所谓过程的环境。它是由子进程来处理越来越设置潜在的敌对值。

My goal, to be specific, is to allow key=value settings to pass through the bash script into the environment of called processes. It is up to the subprocesses to deal with potentially hostile values getting set.

我修改别人的剧本，所以我不希望只是将其转换为Perl和用它做。我也宁可不改变它周围不同的调用子进程，像

I am modifying someone else's script, so I don't want to just convert it to Perl and be done with it. I would also rather not change it around to invoke the subprocesses differently, something like

#!/bin/sh
...start of script...
perl -nle '($k,$v)=split(/=/,$_,2); $ENV{$k}=$v if $k =~ /^CMK_/; END { exec("subprocess") }'
...end of script...

更新：我结束了有什么用为重点检查：

Update: What I ended up using for the key check is:

if [ "$key" = "${key%[^a-zA-Z_0-9]*}" ]; then

它不需要extglob（全局设置）或正则表达式（仅在bash> = 3）。它的工作原理不扔任何东西在允许的字符的白名单，然后比较结果到原来的。如果没有被抛出，那么整个键只能包含白名单中的字符。

It doesn't require extglob (global setting) or regexes (only in bash >= 3). It works by throwing out anything not in a whitelist of allowed characters, then comparing the result to the original. If nothing was thrown out, then the whole key must contain only whitelisted characters.

推荐答案

这是很多安全以使用声明比评估：

shopt -s extglob
function import ()
{
    NORMAL_IFS="$IFS"
    local IFS="="
    while read key val; do
        case "$key" in 
            CMK_*([a-zA-Z_]) )
                IFS="$NORMAL_IFS"
                declare $key="$val"  2>/dev/null || echo "Bad key"
                IFS="="   # why set this here?
                ;;
            *)
                echo "Bad key"
                ;;
        esac
    done
}

如果你不想使用 extglob ，你可以使用正则表达式匹配测试：

If you don't want to use extglob, you can use a regex matching test:

while ...
if [[ $key =~ CMK_ ]]    # or something like: [[ $key =~ CMK_[[:alpha:]] ]]
then
    declare ...
else
    echo "Bad key"
fi

此外，请参阅这个。

这篇关于安全的方式来计算的设置环境变量的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！