在Bash CGI中的同一变量中运行两个命令
[英]Running two commands in same variable in Bash CGI
问题描述
In my Bash CGI script, I take a command passed as GET parameter and execute it. 
在我的Bash CGI脚本中,我接受了作为GET参数传递的命令并执行它。 This could be: 可能是:
CMD='ls -al'
$CMD
Which works fine and produces expected output. 可以正常工作并产生预期的输出。 But if I try to pass two commands with 但是如果我尝试通过两个命令
CMD='ls -al; echo hello'
$CMD
or 要么
CMD='ls -al && echo hello'
$CMD
neither command gets executed. 这两个命令都不会执行。
How can I run multiple commands from the same line/variable in my bash CGI? 如何在bash CGI中从同一行/变量运行多个命令?
1 个解决方案
解决方案1
0 2015-02-03 23:46:03
You can execute variables as bash code using bash : 您可以使用bash变量作为bash代码执行:
# UNSAFE, DO NOT USE
cmd='ls -al; echo hello'
bash -c "$cmd"
Alternatively, depending on the context you want to run it in, you can use eval "$cmd" to run it as if it was a line in your own script, rather than a separate piece of shell code to execute: 或者,根据要在其中运行的上下文,可以使用eval "$cmd"来运行它,就好像它是您自己的脚本中的一行一样,而不是单独执行的一部分外壳代码:
# UNSAFE, DO NOT USE
cmd='ls -al; echo hello'
eval "$cmd"
Both of these methods have serious implications for security and correctness, so I felt I had to add warnings to prevent them from being copied out of context. 这两种方法都对安全性和正确性产生了严重影响,因此我觉得我必须添加警告以防止它们被复制到上下文之外。
For your remote shell or root kit specifically meant to run insecure user input, you can ignore the warnings. 对于专门用于运行不安全用户输入的远程Shell或root套件,您可以忽略警告。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.