UNIX and Linux Forums: Shell Programming and Scripting
We just had a case where script output files in /tmp, /var/tmp or other world-writeable dirs could be written as symlinks by an unprivileged user to cause harm.

It's not easily exploitable, due to the output file having to NOT exist and also the user having to know what name it will be, but it is possible. E.g. if user1 (a normal user) wrote a symlink in /tmp to /etc/passwd:

user1$ ln -s /etc/passwd /tmp/script.out

then a script came along running as root and created output or debug or anything to /tmp/script.out, it would overwrite /etc/passwd and obviously cause trouble to the system. As said, the user would need to know what scripts would be run as root and where they output, but people sometimes forget to chmod 750 or 700 certain scripts. I therefore check any output file I'm going to create as below:

Code:
output_security()
{
    # Check that every file to be used is not a symlink pointing elsewhere.
    # If exceptions are needed, don't call this function.
    # This is an e.g. so doesn't include checking $@ for emptiness.
    # $@ is deliberately unquoted so one "a b" argument is split into names.
    for FILE in $@
    do
        if [ -h ${FILE} ]; then
            # print is the ksh builtin (use printf on other shells)
            print "ERROR: File [${FILE}] is a sym link and not a regular file" >&2
            print "Potential Security Risk so exiting" >&2
            exit 2
        fi
    done
}
outputfile=/tmp/$(basename $0).out
tmpfile=/tmp/$(basename $0).tmp
output_security "${outputfile} ${tmpfile}"
....blah blah
Last edited by lavascript; 04-22-2009 at 09:28 AM. Reason: don't want " " around $@ in function
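The check in the post catches a link that is already sitting in /tmp, but a practitioner should also know that `[ -h ]` followed by `>` is two separate system calls, so a link planted in between still wins (a classic time-of-check/time-of-use window). The script below is an added example, not code from lavascript or from the thread: it reproduces the clobber inside a private scratch directory (no real /tmp or /etc/passwd is touched) and contrasts the naive write, the check-then-write pattern from the post, a noclobber (set -C) write, and mktemp. It assumes a bash- or dash-style shell whose set -C refuses an existing regular file and otherwise opens the target with O_CREAT|O_EXCL, and the victim line, file names and function names are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): reproduces the /tmp symlink
# clobber and contrasts four ways of writing a script's output file.
# Everything lives under a private scratch directory so nothing real is touched.

WORK=$(mktemp -d) || exit 1
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-in for /etc/passwd (one fake line, not real account data).
VICTIM_LINE='root:x:0:0:root:/root:/bin/sh'

# Build one scenario directory: a victim file plus an attacker-planted link
# carrying the script's predictable output name.  Prints the directory path.
setup_scenario() {
    d=$(mktemp -d "$1/scn.XXXXXX") || return 1
    printf '%s\n' "$VICTIM_LINE" > "$d/victim"
    ln -s "$d/victim" "$d/script.out"   # attacker: ln -s /etc/passwd /tmp/script.out
    printf '%s\n' "$d"
}

# 1. Naive write: '>' follows the symlink and overwrites the victim.
naive_write() {
    echo "debug output" > "$1"
}

# 2. Check-then-write, as in the post.  Refuses a link that is already there,
#    but the test and the open are separate syscalls: a link planted between
#    them still wins (TOCTOU).
checked_write() {
    if [ -h "$1" ]; then
        echo "ERROR: File [$1] is a symlink, not a regular file" >&2
        return 2
    fi
    echo "debug output" > "$1"
}

# 3. noclobber write.  With set -C, bash and dash refuse '>' if the target
#    already stats as a regular file, and otherwise open it with
#    O_CREAT|O_EXCL, which the kernel rejects with EEXIST for any symlink,
#    even a dangling one.  Check and create become one atomic open.
#    (Assumption: the shell running this implements -C that way.)
noclobber_write() {
    ( set -C; echo "debug output" > "$1" ) 2>/dev/null
}

# 4. mktemp: unpredictable name, created exclusively by mktemp itself, so the
#    attacker can neither guess nor pre-plant it.  Prints the path created.
mktemp_write() {
    f=$(mktemp "$1/script.XXXXXX") || return 1
    echo "debug output" > "$f"
    printf '%s\n' "$f"
}

# True if the victim file in scenario dir $1 still holds its original line.
victim_intact() {
    [ "$(cat "$1/victim")" = "$VICTIM_LINE" ]
}

# Demo: run each strategy against a freshly planted link and report.
demo() {
    d=$(setup_scenario "$WORK") || return 1
    if checked_write "$d/script.out" 2>/dev/null; then r=wrote; else r=refused; fi
    echo "checked_write:   $r"
    if noclobber_write "$d/script.out"; then r=wrote; else r=refused; fi
    echo "noclobber_write: $r"
    echo "mktemp_write:    wrote $(mktemp_write "$d")"
    victim_intact "$d" && echo "victim intact so far: yes"
    naive_write "$d/script.out"
    victim_intact "$d" || echo "naive_write:     victim overwritten through the link"
}
demo
```

Run it with sh: the checked, noclobber and mktemp writes all leave the victim untouched, and only the naive redirection writes through the link. Of the three, only set -C and mktemp close the race, because the kernel performs the existence check and the create in a single open; the [ -h ] test in the post should be kept as a belt-and-braces check on top of them rather than as the only defence.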