Recursive string expansion
Dan Breslau
dbreslau at painless-security.com
Mon May 29 22:58:32 CEST 2017
On 5/27/2017 4:14 AM, Alan DeKok wrote:
> On May 26, 2017, at 4:43 PM, Dan Breslau <dbreslau at painless-security.com> wrote:
>> I have an issue with recursive string expansion -- that is, it is recursing in a situation where I'd rather it didn't. Specifically, with freeradius 3.0.13, in policy.d/moonshot_targeted_ids, if I set
>>
>> targeted_id_salt = '${changeme'
> The ${...} syntax is for string expansion in the configuration files. It's really macro substitution, and not run-time expansion.
>
> Escape the string, so that it doesn't try to do string expansion when you don't want it.
>
Ah, but therein lies the rub. I know that I can escape the % character
by doubling it. But I haven't seen a documented way of escaping a $; and
neither $$ nor \$ works in my tests. I'm wondering if there's a way of
escaping it that I might have missed.
But I also see that 3.0.14 came out the same day I wrote the earlier
email, and it seems that this issue has been addressed in a different
way. So while I'm still curious about this, it's now more of a
theoretical interest than a real (or potentially real) problem.
Thanks,
Dan
More information about the Freeradius-Users
mailing list