As for the setuid solution I have come up with I understand that it is not a completely secure solution. Other users can view the envfile.txt contents by running the setuid script using eval `/tmp/filereader.pl /tmp/envfile.txt`.
It's worse than that. Any user who can run filereader.pl can get the contents of the env file.
Quote:
But i just tbought until I come up with a more secure solution this would be at least safer than having no Setuid script at all and giving read permission to all to /tmp/envfile.txt and using . /tmp/envfile.txt inside the shell script.
Rename filereader.pl to hackers-please-ignore.pl and you'll understand how insecure this really is. It's not better, it's worse.
Quote:
Corona,
As for your suggestion that i create a shell script filreader.sh owned by master account that has read access to envfile.txt and which is shielded from read/execute access by other users and which has inside it
Code:
. /tmp/envfile.txt
Now inside the main script test.sh that other userids can execute i include
Code:
sudo - masteraccount /somepath/filereader.sh
This would work.
Why bother using reader.pl? The script master script was already secured.
Quote:
But again it would expose a threat in that other user ids can use a simple hack in the form of a script like this which prints the contents of envfile.txt
Code:
set -x
sudo - masteraccount /somepath/filereader.sh
1) sudo does not inherit shell options like -x. It excludes almost everything in fact.
2) Users can't do sudo -u masteraccount filereader.sh unless you told sudo to let them run filereader.sh as masteraccount. If you don't want to let them do that, don't tell sudo to let them do that.
OK, here is a demonstration of exactly what I mean. I have created a user named topsecret, which owns /home/topsecret:
Code:
topsecret@gentoo ~ $ ls -ld .
drwx------ 3 topsecret root 4096 Sep 4 12:38 .
topsecret@gentoo ~ $ ls -l
total 8
-rw------- 1 topsecret topsecret 17 Sep 4 12:38 env-file.txt
-rwx------ 1 topsecret topsecret 77 Sep 4 12:37 top-secret.sh
$ cat top-secret.sh
#!/bin/bash
. /home/topsecret/env-file.txt
echo "Top secret value is $VAL"
$ cat env-file.txt
VAL="qwertyuiop"
$ ./top-secret.sh
Top secret value is qwertyuiop
$
I have added this to sudoers:
Code:
# anyone in the topsecret group can run
# /home/topsecret/top-secret.sh as the user topsecret
# with no arguments and ONLY no arguments
%wheel ALL=(topsecret) NOPASSWD: /home/topsecret/top-secret.sh ""
As some other user in the topsecret group:
Code:
user@gentoo ~ $ ls /home/topsecret
ls: cannot open directory /home/topsecret: Permission denied
user@gentoo ~ $ cat /home/topsecret/top-secret.sh
cat: /home/topsecret/top-secret.sh: Permission denied
user@gentoo ~ $ cat /home/topsecret/env-file.txt
cat: /home/topsecret/env-file.txt: Permission denied
user@gentoo ~ $ sudo -u topsecret /home/topsecret/top-secret.sh
Top secret value is qwertyuiop
user@gentoo ~ $ sudo -u topsecret /home/topsecret/top-secret.sh asdf
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password:
Sorry, try again.
Password:
Sorry, try again.
Password:
sudo: 3 incorrect password attempts
$
This is exactly what sudo was meant for, to allow people to run only certain things in exactly certain ways. perlsuid and eval are not needed.
The Key point here I was not aware of is that SUDO does not inherit shell options like -x. That helps thanks.
Since I do not have root access to modify /etc/sudoers at work I tested this out on my Mac Pro that runs underlying OS Darwin 10.8 BSD/OSX based Linux.
First as root I added the following entry to /etc/sudoers so that user 'otheruser' has sudo permission to run the command owned by admin account. Note that on Mac OS, in addition to admin there is also root user.
Then I updated this 'otheruser' script to use sudo instead of directly calling it as below
Code:
$ cat call_adminusers_restrictedsudocommand.ksh
#!/bin/sh
set -x
sudo /Users/admin/test_xtrace_withsudoaccess.ksh
Now when I invoked this script by 'otheruser' I got the following output which shows that even though the admin script got execute fine, envfile.txt contents are hidden as sudo does not inherit -x oiption
On the other hand when I used xtrace option set -x within a script owned by 'admin' user as below, where it invokes the script directly without using sudo, the xtrace output prints the entries of the envfile.txt as they are parsed
Code:
$ cat call_testxtrace.ksh
#!/bin/ksh
set -x
. ./test_xtrace_withsudoaccess.ksh
So this proves your theory that sudo doesnot inherit -x option meaning a secure script owned by admin that sources a secure env file, can be granted sudo access to other users without the risk of those user being able to trace envfile contents with the Xtrace option.
The semi-colons are necessary as command separators.
But I'm still wondering why you want to make an environment file unreadable by certain users. All they have to do is type "env" to see everything you put in there anyways. (and "alias")
But I'm still wondering why you want to make an environment file unreadable by certain users. All they have to do is type "env" to see everything you put in there anyways.
I suspect it's paths and passwords for a database, and that the shell script in question just uses the database and doesn't give the user a shell prompt to play with.
"Debian 9 64x - LXDE"
I try to source a file from my parent directory:
#!/bin/bash
#source.bash
. ../links.bash but i get "file not found".
I tried . "../links.bash" and . '../links.bash'. I got on all methods the same result.
If i use the absolute path it works, but i don't want to... (4 Replies)
Why does dot sourcing of ksh functions behave so differently between AIX, Solaris, and Linux? How can I make Linux behave the way I want in the test I show below?
I have a library of interdependent functions I have developed and use in ksh in AIX. They also run in Solaris. Now I am migrating... (9 Replies)
I have tried with the following:
csh -c 'source ~/.cshrc; exec bash' # works perfectly
(cat ~/.cshrc; echo exec bash) | csh # not working
And, using sed, I successfully retrieved the environment variables from ~/.cshrc
sed -rn 's/setenv\s+(\S+)\s+(.*)$/export \1=\2/p' ~/.cshrc
but now... (6 Replies)
I am facing a very strange issue. I have script in ksh with #!/bin/ksh as shebang.
This script has function which sets the env variable before running other functions of the script. by
set_up_env()
{
CONFIG_FILE="/opt/app/tools/deepmarking/latestVersion/script/UploadEnv"
if
then
... (7 Replies)
Hi!
I wanted to simplify my bash prompt, so I edited my etc/bashrc file. I thought this was the file that would override any other env files. When I opened it, I saw that the way it was setup was not what my prompt looked like, although I forget exactly what was there. But i edited it the way I... (1 Reply)
Hi,
Could any one share the intelligence to track this problem.
I have any array BT_META_36 and it prints properly with contents of array.
# print "BT_META_36=${BT_META_36}"
# BT_META_36=cab3,cab4:HDS:052,07A cab3,cab4:HDS:052,07A
Now I have a BT_META_36 assigned to a variable.... (0 Replies)
first of all, thanks to all on this board, it has been a huge resource to answer most of my questions!
I am stuck on something that should really be simple, and was looking for some help.. I am using KSH on solaris and working on a script to move containers from server to server. Where i am... (4 Replies)
Hey all,
I have been using Ksh and in that I am setting Environment variables.
To set Env. Variables I have created my own file "BuildScript.sh" in which i have written :
export CLASSPATH=/somedir/some other dir/file:.
export PATH=/some dir/file:.
But when i am calling this... (4 Replies)
hi everyone
i've been reading learning the bash and there is somrthing i don;t
understand what does eval do
i know that it run a command or script twice but i don;t see in
what for cases i can use this
could somebody explain this to me (3 Replies)
I have a script "abc.sh" in /tmp which has exit 0 as its last line
when I run this script from /tmp/xyz/def.sh script as
. ../abc.sh
then the script executes but the control doesn't return to def.sh script for subsequent commands in def.sh
but if I invoke the abc.sh from inside the... (3 Replies)
09-04-2015
