The Pitfalls of Quoting and Special Characters in find -exec The find command in Linux allows users to search for files matching certain criteria and then perform actions on those files using the -exec option. However, properly quoting arguments and handling special characters in filenames can be tricky when using -exec. If arguments are not…
The Dangers of Unfiltered User Input in -exec The -exec option in the find command allows users to execute other commands and scripts by passing arguments. However, this opens up find to command injection attacks if untrusted input is passed without sanitization. Attackers can inject malicious code into the arguments that gets executed with root…
Escaping Regular Expressions Natively Properly escaping regular expressions in shell scripts can be challenging. Metacharacters like ., *, ^, $, [], {}, () carry special meaning and will not match literally by default. Usually external utilities like sed or awk are used to escape these characters. However, native regular expression escaping built into shells like…
Escaping Untrusted Inputs to Prevent Security Issues Why Escaping Untrusted Strings Matters Failing to properly escape untrusted strings can lead to injection attacks, where malicious input is interpreted as code or commands by an application. Real-world examples include SQL injection attacks that obtain unauthorized database access, cross-site scripting (XSS) vulnerabilities that execute scripts in a…
Sed is a powerful text processing tool that allows matching input text against regular expression patterns. However, improperly sanitizing user input before using it in sed can introduce security vulnerabilities and enable code injection attacks. This article covers techniques for properly escaping arbitrary user input to prevent exploitation when using sed. Why Escape User Input?…
Why Escaping Metacharacters Matters Sed is a powerful stream editing utility available on Unix-like platforms that allows users to perform text transformation and substitution operations on streams and files. At the core of sed’s functionality is its ability to match text patterns for editing using regular expressions. However, many common characters that are regular expression…
Optimizing Linux Performance: An Overview Achieving optimal application performance on Linux requires an understanding of the key system components and resources. By tuning the kernel, file systems, memory usage and CPU utilization for your specific workload, significant performance gains can be realized. The first step is benchmarking the system to pinpoint any bottlenecks. Common areas…
Defining Access Control Access control is a security technique that regulates which users or processes have the ability to access a system resource like a file, directory, or network service. The goals of access control are to prevent unauthorized access and malicious activity while enabling legitimate use. On Linux systems, access control policies are implemented…
The Problem with Unescaped Metacharacters in sed Briefly explain issue of unescaped regex metacharacters causing unintended behavior in sed scripts when variables are interpolated. Why Metacharacters Need Escaping Explain how metacharacters are interpreted by sed engine and can trigger actions or patterns unintentionally. Examples of Problems Caused by Unescaped Metacharacters Provide concrete examples of errors…
Why Backticks Persist in Shell Scripts Despite being deprecated in favor of $( ) syntax, backticks continue to have a stubborn persistence in shell scripts. There are several key reasons this antiquated command substitution syntax has yet to fade away: There is a massive amount of legacy shell scripts that rely on backticks for command…