Space character in rc.conf variable

Jilles Tjoelker jilles at stack.nl
Sat Oct 30 22:08:30 UTC 2010 

On Sat, Oct 30, 2010 at 01:11:51PM -0700, Doug Barton wrote:
> On 10/30/10 11:56, Harald Servat wrote:
> >    My SSID has an space character and I don't know how to deal with
> >    it. So my question is easy, how do I add an space in the SSID?
> >    I've tried wrapping the SSID using \" , \' also adding \(space),
> >    changing " for ' and others without success.

> >    As an example my rc.conf entry looks like
> >      ifconfig_wlan0="ssid SSID WITH SPACE dhcp"
> >    and after booting I see that ifconfig tried to connect to SSID instead to
> > "SSID WITH SPACE".

> >    As I said, if I run ifconfig wlan0 ssid "SSID WITH SPACE" from
> >    the command line, works fine.

> The best solution would be to change the SSID to one without spaces. :)

Well, as mentioned elsewhere in the thread write the SSID in hex. You
also need this if *, ? or [ occur in the SSID.

> If you can't or won't do that, one of these should work, please report 
> back which one does:

> ='ssid "ssid with space" DHCP'
> ='ssid \"ssid with space\" DHCP'
> ="ssid 'ssid with space' DHCP"
> ="ssid \'ssid with space\' DHCP"

This will not work, as the value is stored in a variable and then split
on IFS characters by expanding the variable outside quotes. There is no
escape mechanism - either the whole variable is split or none of it (if
in double-quotes).

One workaround would be to set IFS to something not containing <space>,
for example <tab><newline>, and then delimiting fields with tabs instead
of spaces. Apart from the general ugliness all over the rc.confs
(including the defaults/ one), breakage would probably also happen in
rc.subr and network.subr.

Doug's suggestions point to something like
  eval "set -- ${ifconfig_FOO}"
  ifconfig $_if "$@"

This has potential security issues with arbitrary stuff from untrusted
sources (say, some sort of privilege separation where someone may
configure the network but not do arbitrary things) in /etc/rc.conf:
  ifconfig_wlan0='ssid $(chown evilhacker topsecretfile) dhcp'
is perfectly safe now, but will be insecure. (Pathname generation may
lead to information disclosure, but not executing arbitrary commands.)

Also, the syntax for the keywords such as DHCP is too flexible. This
currently does not do much harm other than stopping you from using
"DHCP" as an ssid or something, but is hard to remove from "$@" in the
above code. If they were restricted to appear at the start only, simple
comparisons of "$1" and shift would do the job, but removing from the
middle requires constructing a string with quoting characters and then
using eval on that string.

Array support in the shell could make this easier, but not much unless
the rc.conf syntax would be changed as well, like
  ifconfig_wlan0=(ssid "SSID WITH SPACE" dhcp)
but then changed some more such that "DHCP" can be used as SSID.

Array support would add a fair bit of code to sh, and even then it will
remain fairly limited and clumsy. For example, an array can only be
returned from a function by passing the name of an existing array to
place the result in and using eval, extending setvar in some strange way
or implementing another ksh93 extension, namerefs.

-- 
Jilles Tjoelker

More information about the freebsd-hackers mailing list