diff options
author | Tom Ryder <tom@sanctum.geek.nz> | 2018-01-11 19:18:05 +1300 |
---|---|---|
committer | Tom Ryder <tom@sanctum.geek.nz> | 2018-01-11 19:18:05 +1300 |
commit | 47cf35e2342f32149ba608851c4a514758447944 (patch) | |
tree | 4520d382ff417cf94a2f1dbadc5a0dd630348d38 /man | |
parent | Merge branch 'feature/vim-doc-fix' into develop (diff) | |
download | dotfiles-47cf35e2342f32149ba608851c4a514758447944.tar.gz dotfiles-47cf35e2342f32149ba608851c4a514758447944.zip |
Make first ax(1df) arg safer, warn on second arg
The format in the first argument does not need to be evaluated, so it
can be passed in a simple awk variable.
The second argument is evaluated, by design, so code injection is
trivial. It's probably a good idea to warn users about this explicitly.
$ ax '0);system("cat /etc/passwd")'
Make the whole thing a little terser, too, with the awk program
construction, variable assignment, and invocation all on one line.
Diffstat (limited to 'man')
-rw-r--r-- | man/man1/ax.1df | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/man/man1/ax.1df b/man/man1/ax.1df index b3218d37..ffdaabe3 100644 --- a/man/man1/ax.1df +++ b/man/man1/ax.1df @@ -1,4 +1,4 @@ -.TH AX 1df "July 2016" "Manual page for ax" +.TH AX 1df "January 2018" "Manual page for ax" .SH NAME .B ax \- evaluate an awk expression @@ -11,5 +11,9 @@ evaluates an expression given on the command line with awk(1) and prints its result using awk's printf, with an optional format specified preceding the expression. +.SH SECURITY +Note that the second argument has no evaluation protection on it. There's very +little to stop a user putting a fully-fledged awk program in as the second +argument if they needed to. Don't accept untrusted user input in this argument! .SH AUTHOR Tom Ryder <tom@sanctum.geek.nz> |