Igor Tandetnik wrote:
> Kelly Jones wrote:
>> On a website, I want to take a user's query "as is", save it to a
>> userquery.txt, and then do:
>>
>> sqlite3 /path/to/mydb < userquery.txt
>>
>> where /path/to/mydb is a *read-only* file.
>>
>> Is there *any* risk of an injection attack here?
>>
>> Specifically, does sqlite3 have any shell escapes or any way to
>> change the Unix permissions of the file it's accessing?
>
> The user may issue an ATTACH statement to open a connection to a
> different file, and then modify that one.

Oh, and there's the .load command instructing sqlite3 to load a given shared library and call a given function in it - basically, to run arbitrary code. And the .backup and .output commands can overwrite an arbitrary file.

Igor Tandetnik

_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
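An added example, not part of the thread, showing the usual mitigation for the risks Igor lists: keep user-supplied SQL out of the `sqlite3` shell and run it through the library instead, on a connection opened read-only with an authorizer that denies ATTACH, DETACH, every write and the `load_extension()` function. Dot-commands such as `.load` and `.backup` are features of the shell program only, so the library rejects them as syntax errors. The function names, file paths and sample rows below are constructed for the demo.

```python
import os
import sqlite3
import tempfile

# SQL functions that must never be reachable from user input (assumed policy).
BLOCKED_FUNCTIONS = {"load_extension"}


def _authorizer(action, arg1, arg2, db_name, trigger):
    """Permit only read operations; ATTACH/DETACH, writes, PRAGMA etc. are denied."""
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ):
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_FUNCTION:  # arg2 is the function name
        return sqlite3.SQLITE_DENY if arg2 in BLOCKED_FUNCTIONS else sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY


def run_untrusted_query(db_path, query):
    """Run one user-supplied statement read-only; returns (rows, error_text)."""
    conn = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    try:
        conn.set_authorizer(_authorizer)
        # execute() accepts a single statement; a second one raises an error.
        return conn.execute(query).fetchall(), None
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return None, f"{type(exc).__name__}: {exc}"
    finally:
        conn.close()


def demo():
    """Build a throwaway database (constructed data) and try several inputs."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    setup = sqlite3.connect(path)
    setup.execute("CREATE TABLE items(id INTEGER PRIMARY KEY, name TEXT)")
    setup.executemany("INSERT INTO items(name) VALUES (?)", [("apple",), ("pear",)])
    setup.commit()
    setup.close()
    results = {
        "select": run_untrusted_query(path, "SELECT name FROM items ORDER BY id"),
        "attach": run_untrusted_query(path, "ATTACH DATABASE '/tmp/constructed.db' AS o"),
        "dot_load": run_untrusted_query(path, ".load ./some-library.so"),
        "drop": run_untrusted_query(path, "DROP TABLE items"),
        "multi": run_untrusted_query(path, "SELECT 1; SELECT 2"),
    }
    os.unlink(path)
    return results


if __name__ == "__main__":
    for name, (rows, err) in demo().items():
        print(f"{name:9} -> {rows if err is None else err}")
```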