escape characters in /etc/network/interfaces

In Debian's /etc/network/interfaces (or any other distribution using Debian's ifupdown utility), a backslash-newline sequence is removed, and backslash is not special anywhere else. A double quote character is not special either. The character # starts a comment if it's the first non-whitespace character on a (non-continuation) line. Null bytes are treated as newline characters (I think — the parser uses C strings and has no special handling for null bytes, so they might cause additional mischief).

Configuration lines take the form of an option name followed by a value, separated by whitespace. Leading and trailing whitespace is ignored. Some built-in options further parse the line into words; the value of options to iface always runs to the end of the line.

For example, the line

wpa-ssid  "a  b"  "cd"  

sets the option wpa-ssid to the 12-character string "a  b"  "cd" (internal whitespace is preserved).

WPA Supplicant's ifupdown script strips double quotes at the beginning and at the end of the wpa-ssid configuration string; the line above is equivalent to wpa-ssid a  b"  "cd. This way, you can have leading and trailing whitespace in the SSID.

I can't find a quoting issue in the WPA Supplicant ifupdown scripts, so it looks like anything that ifupdown will produce is safe.

Thus you can allow any string as an SSID to be injected into /etc/network/interfaces, provided that it does not contain any newline or null byte. Add double quotes around the string (if you don't, SSIDs with leading or trailing whitespace, or that end with \, or that begin or end with ", will be mangled).
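
The rule in the last paragraph above, as an added example that is not part of the original answer and is not ifupdown or wpa_supplicant code: a writer that rejects newline and null bytes and always quotes, checked against a small model of the parsing rules described in the answer. All function names are hypothetical, and stripping exactly one quote at each end is an assumption about the hook script.

```python
def wpa_ssid_line(ssid: str) -> str:
    """Build the interfaces line for an untrusted SSID, or raise ValueError."""
    # A newline would start a new option line; a null byte may act as one.
    if "\n" in ssid or "\0" in ssid:
        raise ValueError("SSID contains a newline or null byte")
    # Always quote: the outer pair is what the wpa_supplicant hook strips, so
    # edge whitespace, a trailing backslash and edge quotes all survive.
    return 'wpa-ssid "' + ssid + '"'


def parse_options(text: str) -> list:
    """Model of the rules stated in the answer (not ifupdown's parser)."""
    text = text.replace("\\\n", "")      # backslash-newline is removed
    options = []
    for line in text.split("\n"):
        line = line.strip()              # edge whitespace is ignored
        if not line or line.startswith("#"):
            continue                     # blank line or comment
        parts = line.split(None, 1)      # option name, then rest of the line
        options.append((parts[0], parts[1] if len(parts) > 1 else ""))
    return options


def strip_outer_quotes(value: str) -> str:
    """Assumed hook behaviour: drop one double quote at each end."""
    if value.startswith('"'):
        value = value[1:]
    if value.endswith('"'):
        value = value[:-1]
    return value


def effective_ssid(interfaces_text: str) -> str:
    """SSID the hook would end up with for the given file fragment."""
    return strip_outer_quotes(dict(parse_options(interfaces_text))["wpa-ssid"])


if __name__ == "__main__":
    # Constructed sample SSIDs covering the cases the answer lists.
    for sample in [" padded ", "ends with \\", '"quoted"', "bad\nup true"]:
        try:
            line = wpa_ssid_line(sample)
            print(repr(sample), "->", line, "->", repr(effective_ssid(line)))
        except ValueError as exc:
            print(repr(sample), "rejected:", exc)
```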


Author: udachny

Updated on September 18, 2022

Comments

  • udachny
    udachny almost 2 years

    I want to be sure that whatever string I pass into the line wpa-ssid "abc" in /etc/network/interfaces won't be used to break out of the configuration.

    All I can find in the manual is that \ can be used at the end of a line to continue on the next line.

    But what about \" in the middle of a line?

    My worry is an SSID something like

    A"
    up rm -rf /\
    

    Is there any general encoding that can be used for arbitrary characters in the SSID field?

  • Gilles 'SO- stop being evil'
    Gilles 'SO- stop being evil' over 10 years
    Your answer doesn't get to the point: what escaping is available in /etc/network/interfaces?
  • slm
    slm over 10 years
    @Gilles - thanks, it was a start earlier today at work, I've added some additional info that I had found but hadn't added to the A then. Mostly bugs related to the escaping of characters for "wpa-ssid" & "wpa-psk".
  • udachny
    udachny over 10 years
    I can't say if urlencoding the essid works as a boot parameter but it does not work in the interfaces file.
  • udachny
    udachny over 10 years
    Actually I successfully tried wpa-ssid my ssid.
  • slm
    slm over 10 years
    @phq - I'm not surprised, this was only an idea, and encoding is generally the way you deal with sanitizing data like this in other applications, quoting it would seem to be the only other option, outside of removing it.
  • slm
    slm over 10 years
    @phq - to be clear, you were able to use the line wpa-ssid=my ssid?
  • udachny
    udachny over 10 years
    @slm no, /etc/network/interfaces does not use = in its syntax, I tried right now and it does not work with =.
  • slm
    slm over 10 years
    @phq - but to your point, you were able to give it a SSID with spaces then? my ssid?
  • udachny
    udachny over 10 years
    @slm yes SSID with spaces has always worked
  • slm
    slm over 10 years
    @phq - is this answer entirely correct? The last paragraph implies you cannot have SSIDs with spaces, no?
  • udachny
    udachny over 10 years
    @slm you're right, I was only looking for an answer about escaping, which, although limited, is the best one so far; almost all of the rest is in some way wrong.
  • Gilles 'SO- stop being evil'
    Gilles 'SO- stop being evil' over 10 years
    @slm I had another go at the source, I'd missed that §4.3.3 only calls nextword to grab the option name while in IFACE mode, and grabs the rest as the option value in 37a. I corrected my answer.
  • Gilles 'SO- stop being evil'
    Gilles 'SO- stop being evil' over 10 years
    @phq Sorry, I'd misread the source. See my updated answer.