python.list at tim.thechases.com
Wed Nov 26 16:23:11 CET 2014
On 2014-11-26 08:58, Tim Daneliuk wrote:
> On 11/26/2014 06:56 AM, Tim Chase wrote:
> > On 2014-11-26 00:04, Tim Daneliuk wrote:
> >> someprog.py uname && sudo cat /etc/sudoers
> >> vs.
> >> someprog.py uname && echo "sudo cat /etc/suoders"
> >> In the first instance, I need the sudo passoword, in the second I
> >> don't.
> > This doesn't jibe with the pairs of quotes you sent and your
> > request for nesting. In most popular shells, the majority of
> > your "quote" characters don't actually quote anything:
> > bash$ echo // hello
> > // hello
> > bash$ echo /* hello */
> > [returns all the items in my root directory, the word "hello",
> > along with all the sub-directories in the current directory]
> > bash$ echo this#and#that
> > this#and#that
> > bash$ echo this # and #that
> > this
> > and has problems with things like
> > someprog.py uname && su""do cat /etc/sudoers
> > someprog.py uname && s"ud"o cat /etc/sudoers
> > which my shell will parse valid execution of sudo.
> I am not writing in bash, but in python.
> The specific program in question I am modifying is one that takes a
> shell command and executes it remotely on many machines.
While my examples used bash, it doesn't matter whether your local
code is Python, Perl, Ruby, Lua, or Visual Basic: you have to parse
the string like it's the shell on those remote machines that parses
for whether sudo is used. This could be bash, zsh, tcsh, sh, pdksh,
dash, or whatever. The particular shell doesn't matter (in the
abstract). What matters is that you are checking whether a command
that will be processed by one of these remote shells will need a
password. To do that, you need to parse the string as that
particular shell would. Usually, on Linux boxes, this is bash, while
on FreeBSD defaults to tcsh, and OpenBSD defaults to pdksh.
Unless you successfully parse it like your target shell will, you
will have edge cases where the quoting fails.
More information about the Python-list