The UNIX and Linux Forums > Top Forums > Shell Programming and Scripting
#1  04-21-2009  vamsisurampalli (Registered User; Join Date: Apr 2009; Posts: 4)
Secure coding standards for Shell Programming

Hi,

Can anyone point me to secure coding standards for shell programming (guides, links, etc.)?

Thanks and regards,
Vamsi K Surampalli.
#2  04-22-2009  zaxxon (Forum Staff, Moderator; Join Date: Sep 2007; Location: Germany; Posts: 2,257)
I have no link but here are some thoughts:
  • Check if file permissions that can be set with chmod and chown/chgrp are ok for your needs.
  • Going remote should always use encrypted communication like with ssh/scp.
  • If you have a more "complicated" setup with different users, think of using sudo to fit your needs.
#3  04-22-2009  lavascript (Registered User; Join Date: Apr 2009; Posts: 47)
We just had a case where script output files found in /tmp, /var/tmp or other world-writable dirs could be written as symlinks by an unprivileged user to cause harm.

It's not easily exploitable because the output file has to NOT exist and the user has to know what its name will be, but it is possible.

e.g.

If user1 (normal user) wrote a symlink in /tmp to /etc/passwd:

user1$ ln -s /etc/passwd /tmp/script.out

Then, if a script came along running as root and wrote output, debug or anything else to /tmp/script.out, it would overwrite /etc/passwd and obviously cause trouble for the system.

As said, the user would need to know which scripts would be run as root and where they output, but people sometimes forget to chmod 750 or 700 certain scripts.

I therefore check any output file I'm going to create as below:

Code:
output_security()
{
# Check that no file about to be used is a symlink pointing elsewhere.
# If exceptions are needed, don't call this function.
# This is an e.g. so doesn't include checking $@
# $@ is left unquoted on purpose: the caller passes all file names as
# one string and relies on word splitting to loop over them.
for FILE in $@
do
   if [ -h "${FILE}" ];then
       print "ERROR: File [${FILE}] is a sym link and not a regular file" >&2
       print "Potential Security Risk so exiting" >&2
       exit 2
   fi
done
}

outputfile=/tmp/$(basename $0).out
tmpfile=/tmp/$(basename $0).tmp

output_security "${outputfile} ${tmpfile}"

....blah blah

Last edited by lavascript; 04-22-2009 at 09:28 AM. Reason: don't want " " around $@ in function
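The check above still has a window between `test -h` and the moment the script opens the file: a link planted in that window is followed. The following is an added example, not lavascript's code or anything from this thread, showing the pre-creation check written with POSIX `test -L` plus two ways to close that window: opening with `set -C` (noclobber, which makes the shell use O_EXCL) and avoiding predictable names altogether with `mktemp` inside a private directory. The function names, the `myscript` prefix and the constructed `victim`/`script.out` paths are assumptions; it only needs a POSIX sh and `mktemp`.

```shell
#!/bin/sh
# Added example (not from the thread): defending root-run scripts against
# pre-planted symlinks in world-writable directories such as /tmp.

# refuse_symlink PATH...: return 1 if any PATH is a symbolic link.
# This is the thread's pre-creation check, using POSIX `test -L`.
refuse_symlink() {
    for f in "$@"; do
        if [ -L "$f" ]; then
            printf 'ERROR: %s is a symbolic link, refusing to write\n' "$f" >&2
            return 1
        fi
    done
    return 0
}

# safe_write PATH TEXT...: check, then write with noclobber set so the open
# uses O_EXCL. O_EXCL fails on any existing path, link included, so a link
# planted between the check and the open is not followed either.
safe_write() {
    target=$1; shift
    refuse_symlink "$target" || return 1
    ( set -C; printf '%s\n' "$*" > "$target" ) 2>/dev/null || return 1
}

# private_workfile: avoid the predictable name entirely. mktemp -d creates
# a 0700 directory (no other user can plant anything in it) and the file
# name inside it is random. Prints the file path. "myscript" is assumed.
private_workfile() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/myscript.XXXXXX") || return 1
    chmod 700 "$dir" || return 1
    mktemp "$dir/out.XXXXXX"
}

# Demonstration on constructed paths under a fresh temporary directory.
# Prints "ok" and returns 0 when every defence behaves as described.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/victim"                    # stands in for /etc/passwd
    ln -s "$d/victim" "$d/script.out"  # the pre-planted link from the thread

    # 1. the check refuses the link
    refuse_symlink "$d/script.out" && return 1
    # 2. safe_write refuses it too, and the victim file stays untouched
    safe_write "$d/script.out" "data" && return 1
    [ ! -s "$d/victim" ] || return 1
    # 3. a name nobody pre-created is written normally
    safe_write "$d/fresh.out" "data" || return 1
    [ "$(cat "$d/fresh.out")" = "data" ] || return 1
    # 4. a private, randomly named work file needs no name check at all;
    #    mktemp already created it, so append rather than clobber
    f=$(private_workfile) || return 1
    printf '%s\n' "data" >> "$f" || return 1
    [ "$(cat "$f")" = "data" ] || return 1

    rm -rf "$(dirname "$f")" "$d"
    echo ok
}

demo
```

In practice the third approach is the one to prefer: a script that never writes to a guessable name in a shared directory gives an unprivileged user nothing to pre-create, and the symlink check becomes belt-and-braces rather than the only line of defence.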