> We have all heard about security problems with shell variables Can some one post a test case that exploits this? While I understand the issue that the OP addressed, I can't seem to write a shell script that exploits this. Take this sample script: while read line; do foo=`echo $line` echo $foo done if I run it and enter something like "Jon; date" it just echos it back. The date command does not executed. If I run the script with the -x argument, it looks like this: $ bash -x x.sh + read line Jon; date ++ echo 'Jon;' date + foo='Jon; date' + echo 'Jon;' date Jon; date + read line It looks like the shell is putting single quotes around the ';'. I really believe that what the OP asked about is a problem, I just can't seem to generate a test case that illustrates it.
<<winmail.dat>>
