[FFmpeg-user] ffmpeg -i "`rm -rf /???`" ?

Devin Heitmueller dheitmueller at kernellabs.com
Tue Mar 10 17:33:57 EET 2020


Hi Mark,

> So, would you say that the following command is designed to delete all
> files & directories, and then to wipe the disk to make it unrecoverable?
>
> ffmpeg -i "`rm -rf /???`" -lavfi showinfo -f rawvideo -y /dev/sda

His point is that the "rm -rf" is being done by the shell before the
ffmpeg command is ever called.  The fact that you were calling ffmpeg
is incidental since the shell you're using expands the command line
(i.e. running what is in the backticks) before the command itself is
even run.

The following would produce the same results:

/bin/echo "`rm -rf /???`"

If you plan on writing shell scripts which call commands and use
externally provided input, you'll need to ensure that you're doing
quoting/escaping properly.  It doesn't matter what the exact command
is that is being run.

Regards,

Devin

-- 
Devin J. Heitmueller - Kernel Labs
http://www.kernellabs.com
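
An added example, not part of the original message: it shows when backticks inside externally provided input are executed by a script and when they stay literal. The function names (`run_unsafe`, `run_safe`, `run_safe_sh_c`, `probe`) are hypothetical, `/bin/echo` stands in for ffmpeg as in the message above, and a harmless `touch` of a temporary marker file is the constructed input.

```shell
#!/bin/sh
# Unsafe: the value is pasted into a string that a second shell parses,
# so backticks in the data are run as a command substitution.
run_unsafe() {
    sh -c "/bin/echo \"$1\"" >/dev/null
}

# Safe: the value is handed over as a single argument. The result of a
# parameter expansion is not re-parsed, so the backticks stay literal.
run_safe() {
    /bin/echo "$1" >/dev/null
}

# Safe with sh -c as well: the command text is a fixed single-quoted
# string and the data travels separately as positional parameter $1.
run_safe_sh_c() {
    sh -c '/bin/echo "$1"' sh "$1" >/dev/null
}

# Feeds a constructed hostile "filename" to the handler named in $1 and
# prints "executed" if the embedded command ran, otherwise "literal".
probe() {
    dir=$(mktemp -d) || return 1
    marker="$dir/marker"
    # Single quotes keep the backticks literal while building the sample.
    input='`touch '"$marker"'`'
    "$1" "$input"
    if [ -e "$marker" ]; then result=executed; else result=literal; fi
    rm -f "$marker"
    rmdir "$dir"
    echo "$result"
}

for handler in run_unsafe run_safe run_safe_sh_c; do
    printf '%s: %s\n' "$handler" "$(probe "$handler")"
done
```

The same applies to `eval` and to any command string assembled by concatenation: once untrusted text becomes part of something a shell parses, it is treated as code.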

