[Sugar-devel] Quoting in shell scripts (was: Re: [sugar-devel] Recent fiddlings with Print Support)
Jonas Smedegaard
dr at jones.dk
Wed May 13 05:53:05 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
On Wed, May 13, 2009 at 10:25:36AM +0200, Sascha Silbe wrote:
> On Wed, May 13, 2009 at 01:03:26PM +0530, Vamsi Krishna Davuluri
> wrote:
>
>> Okay, so here's the latest dope.
> I hope you don't mind me pointing out a few oversights in your script
> publically. The main reason is that I want to remember others (e.g.
> GSoC students) to be careful about quoting - a topic that
> unfortunately doesn't seem to get as much attention in university
> courses as it deserves.
>
>> sandbox=${TMPDIR-/tmp}/cups-odftops.$$
>> (umask 077 && mkdir $sandbox) || exit 1
> TMPDIR and thus later sandbox may contain any character, so you need
> to quote them.
While we are at it, I believe it is safer and more elegant to use mktemp
than $$ (which in theory can be captured by evil-doers using simple ps
on a very slow system). Also, I usually avoid subshells to not risk
hiding failures (you need to do "set -e" inside each subshell).
Here's my suggested variant of above:
sandbox="$(mktemp -t cups-odftops.XXXXXX)"
mkdir -m 077 "$sandbox" || exit 1
Enjoy :-)
- Jonas
- --
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEAREDAAYFAkoKmIEACgkQn7DbMsAkQLi6VQCeIsalYM8qNJApqtDA6MHuszjV
A5sAoIGEd4avfdoYB/syXpwg7l2vdI4/
=iMab
-----END PGP SIGNATURE-----
More information about the Sugar-devel
mailing list