[mythtv-users] User jobs - bash way to handle spaces in title ?

Peter Watkins peterw at tux.org
Mon Jun 26 20:21:33 UTC 2006


Jerry Bett wrote:
> This may be more of a bash question than a myth question ... if so,
> forgive me.
> 
> I have a user job  that encodes shows for my Palm TX ... run as :
> 
>             palmencode $FILE% "$TITLE%" "%SUBTITLE%"
> 
>  'palmencode' is a bash script inputting the command line as $1, $2 and $3

> How can one get the full title with spaces and other special characters ?

Eek. When you find a decent fix for this, update
 http://www.mythtv.org/wiki/index.php/User_Jobs

This looks like a likely security problem; what happens if someone at
the organization providing your listings decides to publish a subtitle like
  x;#";#';touch /tmp/coulda-done-anything
Would Myth then cause "touch /tmp/coulda-done-anything" to run? Does
Myth have anything like Wietse Venema's safe_finger character scrubber?

I think the best approach with the current features would be to only
pass a variable that should only have safe chars like %FILE% to some
wrapper script. The wrapper script would get the other details from
MySQL, and would scrub each variable extracted from MySQL before calling
palmencode. It's technically possible to safely call palmencode with
arbitrary data, e.g. in Perl, you can pass multiple args to an app with
system() by passing multiple arguments to system() like
system("/path/to/palmencode",$file,$title,$subtitle) should lead to
palmencode properly reading the input -- but I would not assume that
palmencode and the apps it calls can handle arbitrary strings. All too
often, Unix/Linux scripts and apps expect to be passed "safe" args.

Another approach would be to make a wrapper script and call it with a
user job like
   palmencode_wrapper FILE____%FILE% TITLE____%TITLE% SUBTITLE____
Have palmencode_wrapper build a single string out of all the arguments,
use the odd ____ prefixes to extract the variables, change whitespace to
something like "_", scrub them of any characters not known to be OK
(regexp [^0-9a-zA-Z\.\_\-] ?), and then pass those sanitized args to
palmencode. This approach should work for most innocent title/subtitle
values, but it sounds like Myth is letting some shell expansion take
place, so this wouldn't be a bulletproof workaround.

I don't think you should have to go to that trouble though. IMO, Myth
should use a "positive"/"white list" filter (allow known good; discard
other) for those variables (and document the whitelist, so users know
whether to expect whitespace, for instance). If it doesn't, and my
'touch' suggestion really would make that test file, then it's a
security flaw.

Myth shouldn't bother trying to escape chars with "/", etc. Any app that
really needs the raw strings should check with the database.

-Peter
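The wrapper approach sketched above, written out as an added example in POSIX sh (not code from this thread or from MythTV). It assumes the job line `palmencode_wrapper FILE____%FILE% TITLE____%TITLE% SUBTITLE____%SUBTITLE%`, that `palmencode` is the user's own encoder script, and that %FILE% is a recording path whose only extra safe character is "/"; a title containing spaces may arrive split over several positional arguments, so the markers, not argument positions, delimit the fields.

```shell
#!/bin/sh
# palmencode_wrapper: rejoin whatever MythTV's shell expansion handed us,
# pull the fields out by their ____ markers, and sanitize before calling
# palmencode. Assumed job line:
#   palmencode_wrapper FILE____%FILE% TITLE____%TITLE% SUBTITLE____%SUBTITLE%

# Whitespace runs become "_", then every char outside [0-9a-zA-Z._-] is dropped.
scrub() {
  printf '%s\n' "$1" | sed -e 's/[[:space:]]\{1,\}/_/g' -e 's/[^0-9a-zA-Z._-]//g'
}

# Text between " MARKER____" and the next marker (or end of string).
# $1 = marker name, $2 = joined args, given a leading space so that every
# marker is preceded by one (keeps "TITLE____" from matching "SUBTITLE____").
field() {
  case "$2" in
    *" ${1}____"*) v=${2#*" ${1}____"} ;;
    *)             v="" ;;
  esac
  v=${v%% FILE____*}; v=${v%% TITLE____*}; v=${v%% SUBTITLE____*}
  printf '%s\n' "$v"
}

# Prints file, title and subtitle on three lines. %FILE% is a recording path
# and is expected to be clean already, so it is checked and refused on any
# stray character rather than silently rewritten (assumed policy).
sanitize_job_args() {
  joined=" $*"
  file=$(field FILE "$joined")
  case "$file" in
    ""|*[!0-9a-zA-Z._/-]*) echo "palmencode_wrapper: refusing FILE value" >&2; return 1 ;;
  esac
  title=$(scrub "$(field TITLE "$joined")")
  subtitle=$(scrub "$(field SUBTITLE "$joined")")
  printf '%s\n' "$file" "$title" "$subtitle"
}

# Entry point for the real job; nothing runs if sanitize_job_args refuses:
#   sanitize_job_args "$@" | { read -r f && read -r t && read -r s &&
#                               exec palmencode "$f" "$t" "$s"; }
```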