Full Discussion: question about shell risk??
Operating Systems Solaris question about shell risk?? Post 302228372 by redoubtable on Sunday 24th of August 2008 06:56:52 AM
There are many ways in which security can be compromised even if the user doesn't have direct shell access. Some ways include:
1) PHP/SQL injections, which in certain cases can trick a PHP file (for example) into disclosing system information or executing a certain command. (This should be included in 2).)
2) user-space application vulnerability, which can also be tricked in certain cases to behave differently than you expect. Let's create a very simple and vulnerable C program:
Code:
#include <string.h>

int main (int argc, char *argv[])
{
    char buf[10];
    strcpy (buf, argv[1]);  /* unchecked copy: an argv[1] longer than 9 bytes overflows buf */
    return 0;
}

Now, I could create another program (exploit) to overflow the buf char array until a point in which strcpy()'s eip register is overflown with the start address of a certain shellcode (machine instructions) of mine. PS: there are various ways in which this can be prevented, but there are other exploitation techniques.
3) kernel-space vulnerability in which we can go out of virtual mode and access hardware directly (enter kernel space) or simply freeze your system. Some examples include the famous integer overflows, NULL pointer dereferences, etc.
4) dummy administrators: https://www.unix.com/shell-programmin...directory.html
5) physical access with/without encryption (with encryption only if the machine is turned on -- cold boot attack)

So, if you're not careful there are many ways in which your system can be compromised, but don't let this allow any script kiddiot to trick you into thinking he has access to your machines (that's very unlikely).
 

STRCPY(3)                  Linux Programmer's Manual                  STRCPY(3)

NAME
       strcpy, strncpy - copy a string

SYNOPSIS
       #include <string.h>

       char *strcpy(char *dest, const char *src);

       char *strncpy(char *dest, const char *src, size_t n);

DESCRIPTION
       The strcpy() function copies the string pointed to by src, including
       the terminating null byte ('\0'), to the buffer pointed to by dest.
       The strings may not overlap, and the destination string dest must be
       large enough to receive the copy.

       The strncpy() function is similar, except that at most n bytes of src
       are copied. Warning: If there is no null byte among the first n bytes
       of src, the string placed in dest will not be null-terminated.

       If the length of src is less than n, strncpy() pads the remainder of
       dest with null bytes.

       A simple implementation of strncpy() might be:

           char*
           strncpy(char *dest, const char *src, size_t n){
               size_t i;

               for (i = 0 ; i < n && src[i] != '\0' ; i++)
                   dest[i] = src[i];
               for ( ; i < n ; i++)
                   dest[i] = '\0';

               return dest;
           }

RETURN VALUE
       The strcpy() and strncpy() functions return a pointer to the
       destination string dest.

CONFORMING TO
       SVr4, 4.3BSD, C89, C99.

NOTES
       Some programmers consider strncpy() to be inefficient and error prone.
       If the programmer knows (i.e., includes code to test!) that the size
       of dest is greater than the length of src, then strcpy() can be used.

       If there is no terminating null byte in the first n characters of src,
       strncpy() produces an unterminated string in dest. Programmers often
       prevent this mistake by forcing termination as follows:

           strncpy(buf, str, n);
           if (n > 0)
               buf[n - 1]= '\0';

BUGS
       If the destination string of a strcpy() is not large enough, then
       anything might happen. Overflowing fixed-length string buffers is a
       favorite cracker technique for taking complete control of the machine.
       Any time a program reads or copies data into a buffer, the program
       first needs to check that there's enough space. This may be
       unnecessary if you can show that overflow is impossible, but be
       careful: programs can get changed over time, in ways that may make the
       impossible possible.

SEE ALSO
       bcopy(3), memccpy(3), memcpy(3), memmove(3), stpcpy(3), strdup(3),
       wcscpy(3), wcsncpy(3)

COLOPHON
       This page is part of release 3.25 of the Linux man-pages project. A
       description of the project, and information about reporting bugs, can
       be found at http://www.kernel.org/doc/man-pages/.

GNU                               2009-12-04                          STRCPY(3)
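The post's program with the space check that the BUGS section asks for, set beside the forced-termination idiom from NOTES. This is an added example, not code from the post or from the man-pages project; checked_copy, truncating_copy and BUF_SIZE are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 10   /* same size as buf in the post's program */

/* Hypothetical helper: copy src into dest (capacity cap) only if the whole
 * string plus its terminating null byte fits. Returns 0 on success, -1 if
 * the input is missing or too long; dest is then left as an empty string. */
int checked_copy(char *dest, size_t cap, const char *src)
{
    size_t len = 0;

    if (dest == NULL || cap == 0)
        return -1;
    dest[0] = '\0';
    if (src == NULL)                       /* e.g. argv[1] when no argument is given */
        return -1;
    while (len < cap && src[len] != '\0')  /* inspect at most cap bytes of src */
        len++;
    if (len == cap)                        /* no room left for the null byte */
        return -1;
    memcpy(dest, src, len + 1);            /* len + 1 <= cap, so this cannot overflow */
    return 0;
}

/* The man page's idiom: bounded copy with forced termination. It cannot
 * overflow dest, but it truncates silently. Returns the length stored. */
size_t truncating_copy(char *dest, size_t cap, const char *src)
{
    if (cap == 0)
        return 0;
    strncpy(dest, src, cap);
    dest[cap - 1] = '\0';
    return strlen(dest);
}

int main(int argc, char *argv[])
{
    char buf[BUF_SIZE];

    /* Over-long or missing input is rejected instead of being copied. */
    if (checked_copy(buf, sizeof buf, argc > 1 ? argv[1] : NULL) != 0) {
        fprintf(stderr, "error: expected one argument of at most %d bytes\n",
                BUF_SIZE - 1);
        return 1;
    }
    printf("copied: %s\n", buf);
    return 0;
}
```

Both functions keep the write inside buf; the difference is that checked_copy reports over-long input to the caller, while the strncpy() idiom stores a shortened string without any indication.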