Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Fill in the blank to run a docker container which opens the file with user-provided path in (say) vim.

Never used docker before, but this seems to work:

    docker run --rm -it debian bash -c 'vim -- "$1"' _ "$user_provided_path"


Looks relatively safe to me, though it doesn't seem to work because debian:latest doesn't have vim in it (so I'm skeptical of your implicit claim of having tried it), and, if $user_provided_path is empty, it defaults to browsing the filesystem. But there are a lot of characters there that are specifically there to avoid footguns; without them, it would seem to work, but it would fail when $user_provided_path contained special characters.

The version I tested was

    docker run --rm -it debian bash -c 'apt update; apt install -y vim; vim -- "$1"' _ "$user_provided_path"


> your implicit claim of having tried it

I tried printing positional parameters, they looked fine. (And already uninstalled docker. What's the point of containerization if you need superuser privileges to use it?)

> if $user_provided_path is empty, it defaults to browsing the filesystem

That's what

    vim -- ""
does.

> But there are a lot of characters there that are specifically there to avoid footguns

What are those characters? --? That's not a lot


Also bash -c '' and "".




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: