Hide code in shell script???

alan · #1 (**permalink**) 07-30-2003

Hello,

I am very new to Unix so I want to apologize in advance in case my question is stupid.

I wrote a KORN script that I am planning to distribute to many users. This script contains sensitive information that the users should not see: user name and password to our database servers with payroll info.

Is there a way to hide ("obfuscate"?) parts (usernames/passwords..) or the entire script from the end users while still allowing them to execute it?

I am thinking that the right CHMOD command would do the trick i.e. something like "chmod ??? myscript.ksh...". I already did a "chmod 777 myscript.ksh" so I can run/test this script in my shell account but maybe I need to do something else? Do you guys agree? Is there a better option?

Thanks in advance for helping me.

Al.

oombera · #2 (**permalink**) 07-31-2003

Chmod 777 means everyone can read, edit and execute the file. If you want to prevent others from reading the file, you can use something else with the chmod command, like "chmod 711 file" which will make the file executable for everyone, but only able to be read or edited by you, the owner.

Perderabo · #3 (**permalink**) 07-31-2003

711 will not work for scripts. The shell can't execute commands that it can't read.

Putting a password in script is a very severe security problem. The only real solution is: don't do that.

alan · #4 (**permalink**) 07-31-2003

Quote:

Originally posted by Perderabo
711 will not work for scripts. The shell can't execute commands that it can't read.

Not sure what you mean by this. I used 711 on my script and ran it using 3 different logins: it executed successfully all 3 times.

Nevertheless, I agree with you that putting passwords in a script is asking for trouble.

Time constraints and little knowledge of shell scripting (I am teaching myself) leave me with no other option for the time being.

Al.

Perderabo · #5 (**permalink**) 07-31-2003

I just tried it on HP-UX 11.0, i get:
./xyz: ./xyz: cannot open

And on SunOS 5.6:
/usr/bin/ksh: ./xyz: cannot open

seems like a problem to me. What OS are you using?

alan · #6 (**permalink**) 07-31-2003

Quote:

Originally posted by Perderabo
I just tried it on HP-UX 11.0, i get:
./xyz: ./xyz: cannot open

And on SunOS 5.6:
/usr/bin/ksh: ./xyz: cannot open

seems like a problem to me. What OS are you using?

'uname -r' gives me (HP-UX) "B.11.0"...just like you??

For all my tests, I
-"physically" logged in as user A, ran the script, logged off
-"physically" logged in as user B, ran the script, logged off
-...

Not sure if makes a difference....?

Perderabo · #7 (**permalink**) 07-31-2003

This is very odd. Yes, my uname -r is B.11.00.

What is the first line of your script? I have:
#! /usr/bin/ksh

Could you post the results of a
ls -ln script
or whatever you called your script. And a
id -u

The numeric uids control access. If your current uid as displayed by "id -u" is not zero or equal to numeric uid that owns the script you should not be able to run it.

Unless the interpreter itself is suid to either root or the owner of the script. My ksh is 555.

More UNIX and Linux Forum Topics You Might Find Helpful
Thread	Thread Starter	Forum	Replies	Last Post
CIACTech02-002: Microsoft Browser Helper Objects (BHO) Could Hide Malicious Code	iBot	Security Advisories (RSS)	0	12-24-2007 09:40 AM
How to embed shell script in a awk code	rajbal	Shell Programming and Scripting	8	09-28-2006 04:19 PM
Can anyone find a bug in this code?? shell script	amon	Shell Programming and Scripting	1	09-19-2006 02:11 AM
Capture Oracle return code in shell script	Vikas Sood	Shell Programming and Scripting	1	05-22-2006 05:32 PM
How to hide user inputted text for interactive unix shell script?	patrickpang	Shell Programming and Scripting	1	04-04-2006 08:42 PM

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread: