FreshJR
Very Senior Member
I know this question isn't really 100% Merlin-WRT related but I will be using the eval command within my QoS script in an attempt to pass parameters "ByReference" to a function. The answers I get will affect Merlin-WRT in a round-about way.
I already looked this up on Stack Exchange and got both answers that eval is the devil and also a proposed solution that should be safe.
I am not 100% sure if it is safe so I would like to ask here first.
Here is a simple easy to read shell example.
Code:
byref()
{
    # first eval: $1 is a variable name supplied by the caller; this expands to `echo ${var}`
    echo -n "$1=" && eval "echo \${$1}"
    input="bar" # this can be any user input
    # second eval: the escaped \$ means eval receives the text `var=$input`,
    # so $input is expanded by eval after parsing, as the value being assigned
    eval "$1=\$input"
}
var="foo"
byref var
echo "var=${var}"
########OUTPUT########
var=foo
var=bar
The code works as expected. Just worried about security.
I am not worried about the first eval, since $1 is explicitly passed (and controlled) from the "main" function.
I am worried about the second eval, due to the potential for arbitrary command execution from user input escaping the quotes.
I tried privilege escalation by escaping the quotes via the following input
Code:
input='bar" && eval "echo here'
and it didn't escalate like I thought it would.
Is the Stack Exchange answer safe?
(I do have a messy alternative to eval via 48 almost duplicate functions instead of a few by-reference equivalents.)
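An added example, not code from the post above: it contrasts the escaped second eval (`eval "$1=\$input"`) with an unescaped form (`eval "$1=$input"`) using a constructed hostile input, and adds the one check the posted function lacks, a test that $1 is a plain shell identifier, since the variable name is spliced into command text on both evals. The function names, the `injected` marker variable and the sample inputs are assumptions made for this example. It is written for POSIX sh (busybox ash on the router has no `${!name}` indirection, which is why eval is in play at all).

```shell
#!/bin/sh
# Added example, not FreshJR's script. Shows why `eval "$1=\$input"` never
# re-parses the contents of $input, contrasts it with the unescaped form, and
# validates the variable name that is interpolated into the eval'd text.

# Reject anything that is not a valid shell variable name: empty, leading
# digit, or any character outside [A-Za-z0-9_]. Without this, a caller-
# supplied name like 'x; rm -rf /' would itself be command injection.
is_valid_name() {
    case "$1" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Safe form: the backslash stops the outer shell from expanding $input, so
# eval receives the literal text `name=$input`. eval parses that as a single
# assignment and only then expands $input, once, as the value. Separators or
# quotes inside $input are data, not syntax.
set_byref_safe() {
    is_valid_name "$1" || return 1
    eval "$1=\$input"
}

# Unsafe form: $input is expanded *before* eval runs, so its contents become
# part of the text eval parses; a `;` or `&&` in it starts a new command.
set_byref_unsafe() {
    eval "$1=$input"
}

# Hostile input, constructed for this example: smuggles a second assignment
# behind a command separator.
input='bar; injected=yes'

demo() {
    var=foo; injected=no
    set_byref_safe var
    printf 'safe:   var=[%s] injected=%s\n' "$var" "$injected"

    var=foo; injected=no
    set_byref_unsafe var
    printf 'unsafe: var=[%s] injected=%s\n' "$var" "$injected"
}

demo
```

With the escaped form, `var` ends up holding the whole string `bar; injected=yes` and `injected` stays `no`; with the unescaped form, `var` is just `bar` and `injected` has been flipped to `yes`. The same holds for the `bar" && eval "echo here` input from the post: the safe function stores it verbatim. The part that does need guarding is the first argument, which is why `is_valid_name` runs before either eval.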