[PLUG] sd save directory alias

Tim Bruce timb at bruce4.com
Fri Jul 13 20:14:13 UTC 2007


On Fri, July 13, 2007 12:14, Keith Lofstrom said:
> On Fri, Jul 13, 2007 at 09:29:11AM -0700, Eric Wilhelm wrote:
>> # from Paul Heinlein
>> # on Friday 13 July 2007 07:51 am:
>>
>> >On Thu, 12 Jul 2007, Keith Lofstrom wrote:
>> >>  alias sd='echo $PWD > ~/.sd'
>> >>  alias ds='cd `cat ~/.sd`'
>> >A couple minor tweaks seem reasonable to me:
>> >
>> >  alias sd='echo "cd $PWD" > ~/.sd;'
>> >  alias ds='source ~/.sd'
>> >
>> >Sourcing the file, rather than executing it, seems somewhat cleaner
>> >and more secure to me.
>>
>> Wait a second.  We're falling into the shell security twilight zone here
>> or something.  We're talking about bash, right?
>>
>> $(cat ~/.sd) only executes cat.  OTOH, `source` executes whatever
>> commands are in the file.  Keith's original code has no security holes
>> that I can see.
>>
>> --Eric
>
> First the wrong version of the posting went out - working late :-(.
> The sd command should be simply:
>
> alias sd='pwd > ~/.sd'
>
> The potential security flaw is that if Eve somehow gets write access
> to .sd she could write something like :
>    ~ ; rm -rf *
> ... into that file.  Running ds would then wipe out the home
> directory, for example.  What is really needed in a less trustworthy
> environment is a version of ds that contains a filter to detect crap
> like that, and emit a warning rather than execute something nasty.
> Ask Randal;  he can probably come up with a Perl one-liner to do it.
>
> Of course, if Eve can fiddle with .sd , she can probably create her
> havoc more directly.  Still, the rule of minimum privilege applies.
>
> Keith
>
> P.S.  ... and no, pushd and popd and dirs cannot do the same thing;
> they only work within one bash shell, not between them, as this is
> intended to.  It purposely leaks information between bash shells.
>
> --
> Keith Lofstrom          keithl at keithl.com         Voice (503)-520-1993
> KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
> Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>

You may want to add something like $PID as well.

And, even though you're sharing it across multiple bash shells, you can
end up "clobbering" the existing file since each time you invoke sd you
will overwrite the previous instance.  If you're running two shells, you
could have one shell overwrite the value from another shell.

Tim
-- 
Timothy J. Bruce

visit my Website at: http://www.tbruce.com
Registered Linux User #325725
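
An added example, not part of the original thread or written by its participants: one way to build the filtered `ds` Keith asks for. It reads `~/.sd` strictly as data (never sourcing or evaluating it) and accepts only an absolute path to an existing directory, taken from a file that only its owner can write. The `SD_FILE` override and the `_sd_dir` variable are assumptions introduced here.

```bash
# Added example, not from the thread. SD_FILE is an assumed override
# so the save file can be relocated; it defaults to the thread's ~/.sd.
SD_FILE="${SD_FILE:-$HOME/.sd}"

# sd: save the current directory in a file created private to the user.
sd() {
    ( umask 077 && pwd -P > "$SD_FILE" )
}

# ds: change to the saved directory. The file content is read as a string
# and handed to cd as one quoted argument; it is never sourced or eval'd.
ds() {
    _sd_dir=
    # Must be a regular file (not a symlink) owned by the current user.
    if [ -L "$SD_FILE" ] || [ ! -f "$SD_FILE" ] || [ ! -O "$SD_FILE" ]; then
        echo "ds: $SD_FILE is missing, a symlink, or not owned by you" >&2
        return 1
    fi
    # Warn and stop if group or others could have written the file.
    if [ -n "$(find "$SD_FILE" \( -perm -020 -o -perm -002 \))" ]; then
        echo "ds: $SD_FILE is writable by group or others, ignoring it" >&2
        return 1
    fi
    # Read only the first line, with no backslash or IFS processing.
    IFS= read -r _sd_dir < "$SD_FILE" || [ -n "$_sd_dir" ] || return 1
    # Accept nothing but an absolute path to an existing directory.
    case $_sd_dir in
        /*) ;;
        *)  echo "ds: saved value is not an absolute path, ignoring it" >&2
            return 1 ;;
    esac
    if [ ! -d "$_sd_dir" ]; then
        echo "ds: saved directory no longer exists" >&2
        return 1
    fi
    cd -- "$_sd_dir"
}
```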




