Passing external shell script variable via ssh

Question

When I stumble across an evil web site that I want blocked from corporate access, I edit my named.conf file on my bind server and then update my proxy server blacklist file.

Answer 1

First off, you don't want this to be two separately redirected echo statements -- doing that is both inefficient and means that the lines could end up not next to each other if something else is appending at the same time.

Second, and much more importantly, you don't want the remote command that's run to be something that could escape its quotes and run arbitrary commands on your server (think of if $1 is '$(rm -rf /)'.spammer.com).

Instead, consider:

#!/bin/bash
# ^ above is mandatory, since we use features not found in #!/bin/sh

printf -v new_contents \
  '# date added %s\nzone "%s" { type master; file "/etc/zone/dummy-block"; };\n' \
  "$(date +%m/%d/%Y)" \
  "$1"
printf -v remote_command \
  'echo %q >>/var/named/chroot/etc/named.conf' \
  "$new_contents"
ssh root@192.168.0.1 bash <<<"$remote_command"

printf %q escapes data such that an evaluation pass in another bash shell will evaluate that content back to itself. Thus, the remote shell will be guaranteed (so long as it's bash) to interpret the content correctly, even if the content attempts to escape its surrounding quotes.