You're reading from The Ultimate Linux Shell Scripting Guide Automate, Optimize, and Empower tasks with Linux Shell Scripting

Product type Paperback

Published in Oct 2024

Publisher Packt

ISBN-13 9781835463574

Length 696 pages

Edition 1st Edition

Languages

Bash

Tools

Linux

Concepts

Cybersecurity

Author (1):

Donald A. Tevault

View More author details

Table of Contents (26) Chapters

Preface

1. Getting Started with the Shell FREE CHAPTER

2. Interpreting Commands

3. Understanding Variables and Pipelines

4. Understanding Input/Output Redirection

5. Customizing the Environment

6. Text-Stream Filters – Part 1

7. Text Stream Filters – Part 2

8. Basic Shell Script Construction

9. Filtering Text with grep, sed, and Regular Expressions

10. Understanding Functions

11. Performing Mathematical Operations

12. Automating Scripts with here Documents and expect

13. Scripting with ImageMagick

14. Using awk – Part 1

15. Using awk – Part 2

16. Creating User Interfaces with yad, dialog, and xdialog

17. Using Shell Script Options with getops

18. Shell Scripting for Security Professionals

19. Shell Script Portability

20. Shell Script Security

21. Debugging Shell Scripts

22. Introduction to Z Shell Scripting

23. Using PowerShell on Linux

24. Other Books You May Enjoy

25. Index

Understanding Command Injection with eval

Another major problem with shell script security involves scripts that accept input from untrusted users or untrusted sources. If the script is coded incorrectly, an attacker could use it to inject malicious commands as the script’s input. Before we look at examples of that, let’s look the eval command, which facilitates passing data or commands into a script.

Using eval on the Command-line

The eval command is a shell builtin that’s available on most shells. It’s very handy when used properly, but dangerous when used improperly. Before we get into that, let’s look at how eval works on the command-line.

Okay, eval is one of those commands that can be really complex to fully understand. So, to keep things simple, I’ll be presenting some rather simplistic eval demos in this section. Even though they’ll demonstrate things that you’ll never do in real life, they’ll...