How to read bash script-style config more safely?
    # Read environment from config file
    set -o allexport
    source my_config_file.conf
    set +o allexport
The format of the config file is like this:
    VAR1=eee
    VAR2="dsfsdf sd fsdf"
    VAR3=$VAR1
    # comment
How to do it more safely (allowing some expansions, but without actually executing commands in the config file)? The "safety" should protect from occasional insertion of wrong snippets into the config, not from specially crafted attacks.
VAR1=eee is a command, so which commands do you want to stop? Let's assume it is external programs.
One way would be to trash PATH:
    oldPATH="$PATH"
    PATH=
    set -o allexport
    source /full-path-name/my_config_file.conf
    set +o allexport
    PATH="$oldPATH"
But wait! Commands are "hashed", so you need to clear the hash first as well, so add hash -r. You might also need to clear aliases as well, for example ls is often an alias.
This is easily circumvented by supplying the full path name of the command, for example /usr/bin/man, but that's about the limit of what you can do.
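The answer's steps (cleared PATH, hash -r, alias reset) wrapped in one function, as an added example that is not part of the original answer; load_config, the cfg_* and demo_* names and the sample config are constructed for illustration. It goes one step beyond the answer by pointing PATH at an empty directory, because bash still runs executables from the current directory when PATH is an empty string.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# load_config FILE: source FILE with external-command lookup disabled.
load_config() {
    cfg_file=$1
    [ -r "$cfg_file" ] || return 1
    # "." searches PATH for names without a slash, so force a relative path.
    case $cfg_file in */*) ;; *) cfg_file=./$cfg_file ;; esac
    cfg_old_path=$PATH
    # Beyond the answer: an empty PATH makes bash try the current directory,
    # so PATH is pointed at a freshly created empty directory instead.
    cfg_empty_dir=$(mktemp -d) || return 1
    PATH=$cfg_empty_dir
    hash -r        # forget command locations remembered before PATH changed
    unalias -a     # an alias may expand to a full path and bypass PATH
    set -o allexport
    . "$cfg_file"  # bare command names now fail with "command not found"
    set +o allexport
    PATH=$cfg_old_path
    hash -r
    rmdir "$cfg_empty_dir"
    unset cfg_file cfg_old_path cfg_empty_dir
}

# Constructed sample config: the question's format plus one stray command.
demo_cfg=$(mktemp)
demo_marker=$demo_cfg.ran
cat > "$demo_cfg" <<EOF
VAR1=eee
VAR2="dsfsdf sd fsdf"
VAR3=\$VAR1
# comment
touch "$demo_marker"
EOF

load_config "$demo_cfg" || echo "could not read $demo_cfg"
echo "VAR2=$VAR2 VAR3=$VAR3"
if [ -e "$demo_marker" ]; then
    echo "stray command ran"
else
    echo "stray command blocked"
fi
rm -f "$demo_cfg" "$demo_marker"
```

Shell builtins and commands given by full path in the config still run, which is the limit the answer describes.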