Can I prevent a script from being viewed?


 
# 15  
Old 03-28-2017
Quote:
Originally Posted by dn888
I'm interested to know more.

For instance, if a user encrypts an ascii file using the following method:

Code:
# echo hello > hello.out
#
# encrypt -a aes -i hello.out -o hello.out.encrypted
Enter key:
# ls -lrth hello.out hello.out.encrypted
-rw-r-----   1 sysadmin   other         6 Mar 28 15:00 hello.out
-rw-r-----   1 sysadmin   other        56 Mar 28 15:01 hello.out.encrypted
# file hello.out hello.out.encrypted
hello.out:      ascii text
hello.out.encrypted:    data
#

When the encrypt program asks the user to insert a key, how can the root user capture the input?
Moderator's Comments:
Please use CODE tags when displaying sample input, sample output, and code segments.
I must be missing the point. From the prompt you are showing (# ), one would assume that root is running this code. Are you saying that root doesn't know the characters that he or she is typing into the terminal after receiving the prompt for a pass phrase from the encrypt utility?

What is it that you are trying to do?
# 16  
Old 03-28-2017
The encrypt program can be run by any user to encrypt their files; it's available on Solaris.

The example I've run above is under a non-root user.

But Corona688 did say that "There are no methods to protect from root, at all." So I'd like to know how the root user can know the encryption key to decrypt a user's file.

I'm trying to understand how Corona688 came to that conclusion.
# 17  
Old 03-28-2017
You are talking about two different things. If a file is encrypted, only users who know the pass phrase or who have enough compute power to determine the pass phrase by brute force can read the plain text version of that encrypted file.

The topic of this thread, however, is how can a user encrypt a shell script file and let another user who does not know the pass phrase used to encrypt that script run that script without being able to read it as clear text. And, the answer is that it cannot be done.

If a script is obfuscated by its owner and can be run by somebody else without knowing the obfuscation method used, then anyone who has read access to the file can also read the clear text of that script and/or run the file.

And, if a file is made unreadable just by changing its mode, that will not keep any root user on that system from reading that file (both because root can read any file with any read permission bit set and because root can change the mode of any file to any mode they choose.)
# 18  
Old 03-28-2017
Quote:
Originally Posted by dn888
The encrypt program can be run by any user to encrypt their files; it's available on Solaris.

The example I've run above is under a non-root user.
I have assumed that you don't wish to type in a password every time you want to run that script, because 99.9% of the time, people don't.

If the script contains instructions for decrypting itself without a password, root can read it and decrypt it, because it literally contains step by step instructions for doing so.
Quote:
But Corona688 did say that "There are no methods to protect from root, at all." So I'd like to know how the root user can know the encryption key to decrypt a user's file.

I'm trying to understand how Corona688 came to that conclusion.
Root has full control of the machine. They can alter it to their needs. They can do things like subverting your profile, subverting system libraries, altering your environment, setting up full system traces on platforms which support it, and even doing minor alterations to the kernel. They could trace you typing in your password if they really, really want to, or (much more easily) fake you into typing the password into something else.

I won't go into more details, as I'm not in the business of making malicious hacks. But you cannot defend from root.

Last edited by Corona688; 03-28-2017 at 02:55 PM..
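The point made in posts #17 and #18, as an added example that is not part of the original thread: a script that runs without a pass phrase has to carry its own decoding steps, so read access alone recovers the clear text. The base64 wrapper stands in for any self-decoding scheme; the function names and the sample payload are constructed for this illustration, and a `base64` that accepts `-d` is assumed.

```shell
#!/bin/sh
# Added illustration (not from the thread): a self-decoding wrapper hides
# nothing from a reader. All names and the payload below are constructed.

# Constructed sample: the script text the owner wants to keep private.
secret_script() {
    printf '%s\n' '#!/bin/sh' 'LICENSE_CHECK=internal-only' \
        'echo "migration step ran"'
}

# Owner side: store only an encoded blob plus the step that decodes it
# and pipes the result to sh. The wrapper is itself a shell script.
make_wrapper() {    # $1 = output path
    {
        echo '#!/bin/sh'
        echo "base64 -d <<'BLOB' | sh"
        secret_script | base64
        echo 'BLOB'
    } > "$1"
    chmod 755 "$1"
}

# User side: running the wrapper needs no pass phrase...
run_wrapper() { sh "$1"; }

# ...and neither does reading it. A reader replays the wrapper's own
# decode step and sends the result to cat instead of sh.
recover_plaintext() {    # $1 = wrapper path
    sed 's/| sh$/| cat/' "$1" | sh
}

demo() {
    w=$(mktemp) || return 1
    make_wrapper "$w"
    echo "--- wrapper as stored on disk ---";        cat "$w"
    echo "--- output when run ---";                  run_wrapper "$w"
    echo "--- clear text recovered by a reader ---"; recover_plaintext "$w"
    rm -f "$w"
}

demo
```

The same holds if the blob is encrypted and the key is embedded in the wrapper: whatever the wrapper does to obtain the clear text, a reader of the file can do too, so anything that must stay secret should not live in the script.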