Relative path not safe

ratnalein88 · April 20, 2013, 4:08am

Hallo everyone,

I am running an SQL-Script over KShell-Script. Thus, in the KShell-Script there are these lines:

WORKPATH=$PWD/work
EXPORTDIR=export_meine_datei_bitte 
EXPORTPATH=${WORKPATH}/${EXPORTDIR} 

... 
db2 connect to ${DBNAME} || die "can not open database connection" 
db2 -tf sql_script.sql || die "comments" 
...

In my SQL-Script it exists an export command:

export to ./tabelle.csv of del 
... 
...

As we can see, I have defined some variables, but uncompletely, such as WORKPATH is still unfilled. It is because, that the KShell-Script should be run in ANOTHER Unix-System. Now, the SQL-Script creates for a csv-table to the directory, which where the SQL-Script last being called. But the SQL-Script should create the csv-table in the variable EXPORTPATH.

So, thats why I was thinking, "okay, then I will just do a cd ${EXPORTPATH} bevor calling the SQL-Script:

... 
cd {EXPORTPATH} 
db2 connect to ${DBNAME} || die "can not open the database connection" 
db2 -tf sql_script.sql || die "comments" 
...

My teacher, who is a UNIX-Guru, said, this is not good. He gave me the reason for it but I could not understand. I try to explain the reason:

"if you do a cd there, it would be NOT RELATIVE PATH SAFE, it must be relative path safe. You are possibly killing all the relative paths, which come from outside."

It is difficult for me to express my question correctly becaus I actually dont even understand what the basic problem here. Does somebody have a clue? He is a UNIX-Guru, so it must be something true in his explanations.
As I said, the KShell-Script should be run in the machine, which I dont know the config-files and environment variables.

I hope, someone can help me.. Thank you.

Regards,

Ratna:)

Scrutinizer · April 20, 2013, 4:43am

I suspect he is referring to $PWD which is the basis for your paths. So all your paths will be relative to $PWD , which is the path the caller of the script happens to be in when he calls the script. So indeed that location would be determined outside the script.

So you would either need to use a cd -command before that statement or use an absolute path instead. Or, if you need to use paths relative to the location of your script, you could perhaps use information from $0 as the basis...

ratnalein88 · April 20, 2013, 7:33am

Hallo Scrutinizer,

This is exactly I wanted to do --> use cd ${EXPORTPATH} before running the SQL-Script, like this:

...  cd ${EXPORTPATH}  db2 connect to ${DBNAME} || die "can not open the database connection"  db2 -tf sql_script.sql || die "comments"  ...

Unfortunately, this is also exactly the step he said it is not right. I am not supposed to do cd there. Any idea, what he perhaps actually meant?

Thank you and best regards,

Ratna:)

Scrutinizer · April 20, 2013, 8:04am

I meant cd to some absolute path before

WORKPATH=$PWD/work

ratnalein88 · April 20, 2013, 11:15am

Hallo Scrutinizer,

thanks for your reply. Mhh.. but EXPORTPATH is an absolute path:

cd ${EXPORTPATH}

--> $PWD/work/export_meine_datei_bitte

Because pwd always give me an absolute path.

But as I already said, he said, I can not use:

cd ${EXPORTPATH}

before running the sql-script. I just dont know why.. This is so depressing.

Thank you..

Best regards,

Ratna:)

Scrutinizer · April 20, 2013, 11:50am

$PWD returns an absolute path, but it is the path to the current directory. If you do not change the current directory in your script first, then this is the current directory of the person who is running the script, so ${EXPORTPATH} becomes relative to his current directory...

MadeInGermany · April 20, 2013, 7:00pm

I suspect your guru is wrong here.
There is a Unix principle that each process gets a copy of its parent process' environment.
So it cannot have an impact on another process but its own child processes.
For shell script safety have variables in quotes when used in command arguments:

cd "$EXPORTPATH"

Scrutinizer · April 20, 2013, 10:56pm

@MadeinGermany: I disagree, his "guru" is right. The paths to the working/export directories ($EXPORTPATH, $WORKPATH) need to be absolute and point to fixed locations, or rather, to locations that are controlled by the script. But as it is used now, these depend on the value of $PWD and $PWD will contain the current directory of whoever is running the Kornshell script (that calls the sql script). So effectively, these directories/paths becomes relative to that what the user's current directory happens to be.

To illustrate:

$ pwd
/home/scrutinizer/test

$ cat testscript
printf "%s\n" "$PWD"
command -v "$0"

$ ./testscript
/home/scrutinizer/test
/home/scrutinizer/test

$ cd /var/tmp
$ ~/test/testscript
/var/tmp
/home/scrutinizer/test

hanson44 · April 21, 2013, 2:36am

Yes, based on the illustration, it seems the poster's "guru" is right. So it seems the conclusion is that the first line needs to be something like this, I believe:

WORKPATH="$HOME/work"

MadeInGermany · April 21, 2013, 7:45am

Okay if the guru meant the dependency on the current work directory that is controlled by the calling=parent process.
A risk mitigation is a check:

cd "$EXPORTPATH" || exit