So I have this existing command that accepts a single argument, but I need something that accepts the argument over stdin instead.
A shell script wrapper like the following works, but as I will be allowing untrusted users to pass arbitrary strings on stdin, I’m wondering if there’s potential for someone to execute arbitrary commands on the shell.
    #!/bin/sh
    $CMD "`cat`"
Obviously if $CMD has a vulnerability in the way it processes the argument, there’s nothing I can do, so I’m concerned about stuff like this:
- Somehow allow the user to escape the double quotes and pass input into argument #2 of $CMD
- Somehow cause another arbitrary command to run
The parameter looks fine to me, but the command might be a bit shaky, if it can have a space in it. Also, if you’re looking to get just one line from the user then you might prefer this:
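Added example, not part of either post above and not the one-line variant the answer refers to: a small harness that feeds constructed quote-breaking and command-like strings to the question's wrapper and checks both concerns (argument count and command execution), plus the answer's remark about a space in $CMD. The names count_args, show_arg, run_with, probe_all and MARKER are hypothetical.

```sh
#!/bin/sh
# Added example: the wrapper from the question, exercised with constructed input.
# count_args, show_arg, run_with, probe_all and MARKER are hypothetical names.

MARKER="${TMPDIR:-/tmp}/wrapper_probe.$$"   # would exist if input ran as shell code
NL='
'

count_args() { printf '%s\n' "$#"; }        # stand-in for $CMD: prints its argc
show_arg()   { printf '[%s]\n' "$1"; }      # stand-in for $CMD: prints $1 in brackets

# The question's script body, unchanged, as a function.
wrapper() { $CMD "`cat`"; }

# run_with CMD_VALUE STDIN_BYTES: run the wrapper with that $CMD and that stdin.
run_with() {
    CMD=$1
    printf '%s' "$2" | wrapper
}

# Feed quote-breaking and command-like strings; print the largest argc seen,
# or EXECUTED if any of them was run as shell code.
probe_all() {
    rm -f "$MARKER"
    worst=0
    for input in 'a" "b' "x; touch $MARKER" "\$(touch $MARKER)" \
                 "\`touch $MARKER\`" '* $HOME \ -rf' "two${NL}lines" ''; do
        n=$(run_with count_args "$input")
        if [ "$n" -gt "$worst" ]; then worst=$n; fi
    done
    if [ -e "$MARKER" ]; then rm -f "$MARKER"; echo EXECUTED; return 1; fi
    echo "argc=$worst"
}

probe_all                           # argc=1: stdin always arrives as one argument
run_with show_arg "abc$NL$NL"       # [abc]: trailing newlines are stripped
run_with 'count_args extra' hello   # 2: unquoted $CMD is split at the space
```

The result of a double-quoted command substitution is not re-parsed, word-split or glob-expanded, so stdin cannot add arguments or commands here; the only transformation in these tests is the loss of trailing newlines. Writing `"$CMD"` removes the splitting shown in the last line, provided $CMD holds a single command name or path.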