Top Forums Shell Programming and Scripting Secure coding standards for Shell Programming Post 302309562 by lavascript on Wednesday 22nd of April 2009 09:15:06 AM
Old 04-22-2009
We just had a case where script output files in /tmp, /var/tmp or other world-writeable dirs could be written as symlinks by an unprivileged user to cause harm.

It's not easily exploitable due to the output file having to NOT exist and also the user knowing what name it will be, but it is possible.

e.g.

If user1 (normal user) wrote a symlink in /tmp to /etc/passwd

user1# ln -s /etc/passwd /tmp/script.out

Then a script came along running as root and created output or debug or anything to /tmp/script.out then it would overwrite /etc/passwd and obviously cause trouble to the system.

As said, the user would need to know what scripts would be run as root and where they output to, but people sometimes forget to chmod 750 or 700 certain scripts.

I therefore check any output file I'm going to create as below:

Code:
output_security()
{
# Check any file to be used is not a symlink elsewhere.
# If exceptions are needed don't call this function
# This is an e.g. so doesn't include checking $@
# (ksh: print is a ksh builtin; $@ is left unquoted so the single
#  space-separated argument passed below splits into file names)
for FILE in $@
do
   if [ -h "${FILE}" ];then
       print "ERROR: File [${FILE}] is a sym link and not a regular file" >&2
       print "Potential Security Risk so exiting" >&2
       exit 2
   fi
done
}

outputfile=/tmp/$(basename "$0").out
tmpfile=/tmp/$(basename "$0").tmp

output_security "${outputfile} ${tmpfile}"

....blah blah


Last edited by lavascript; 04-22-2009 at 10:28 AM.. Reason: dont want " " around $@ in function
 

MKTEMP(1)                 BSD General Commands Manual                MKTEMP(1)

NAME
     mktemp -- make temporary file name (unique)

SYNOPSIS
     mktemp [-d] [-q] [-t prefix] [-u] template ...
     mktemp [-d] [-q] [-u] -t prefix

DESCRIPTION
     The mktemp utility takes each of the given file name templates and
     overwrites a portion of it to create a file name. This file name is
     unique and suitable for use by the application. The template may be any
     file name with some number of 'Xs' appended to it, for example
     /tmp/temp.XXXX. The trailing 'Xs' are replaced with the current process
     number and/or a unique letter combination. The number of unique file
     names mktemp can return depends on the number of 'Xs' provided; six 'Xs'
     will result in mktemp selecting 1 of 56800235584 (62 ** 6) possible file
     names.

     If mktemp can successfully generate a unique file name, the file is
     created with mode 0600 (unless the -u flag is given) and the filename is
     printed to standard output.

     If the -t prefix option is given, mktemp will generate a template string
     based on the prefix and the TMPDIR environment variable if set. The
     default location if TMPDIR is not set is /tmp. Care should be taken to
     ensure that it is appropriate to use an environment variable potentially
     supplied by the user.

     Any number of temporary files may be created in a single invocation,
     including one based on the internal template resulting from the -t flag.

     The mktemp utility is provided to allow shell scripts to safely use
     temporary files. Traditionally, many shell scripts take the name of the
     program with the pid as a suffix and use that as a temporary file name.
     This kind of naming scheme is predictable and the race condition it
     creates is easy for an attacker to win. A safer, though still inferior,
     approach is to make a temporary directory using the same naming scheme.
     While this does allow one to guarantee that a temporary file will not be
     subverted, it still allows a simple denial of service attack. For these
     reasons it is suggested that mktemp be used instead.

OPTIONS
     The available options are as follows:

     -d      Make a directory instead of a file.

     -q      Fail silently if an error occurs. This is useful if a script
             does not want error output to go to standard error.

     -t prefix
             Generate a template (using the supplied prefix and TMPDIR if
             set) to create a filename template.

     -u      Operate in ``unsafe'' mode. The temp file will be unlinked
             before mktemp exits. This is slightly better than mktemp(3) but
             still introduces a race condition. Use of this option is not
             encouraged.

EXIT STATUS
     The mktemp utility exits 0 on success, and 1 if an error occurs.

EXAMPLES
     The following sh(1) fragment illustrates a simple use of mktemp where
     the script should quit if it cannot get a safe temporary file.

           tempfoo=`basename $0`
           TMPFILE=`mktemp /tmp/${tempfoo}.XXXXXX` || exit 1
           echo "program output" >> $TMPFILE

     To allow the use of $TMPDIR:

           tempfoo=`basename $0`
           TMPFILE=`mktemp -t ${tempfoo}` || exit 1
           echo "program output" >> $TMPFILE

     In this case, we want the script to catch the error itself.

           tempfoo=`basename $0`
           TMPFILE=`mktemp -q /tmp/${tempfoo}.XXXXXX`
           if [ $? -ne 0 ]; then
                   echo "$0: Can't create temp file, exiting..."
                   exit 1
           fi

SEE ALSO
     mkdtemp(3), mkstemp(3), mktemp(3), environ(7)

HISTORY
     A mktemp utility appeared in OpenBSD 2.1. This implementation was
     written independently based on the OpenBSD man page, and first appeared
     in FreeBSD 2.2.7. This man page is taken from OpenBSD.

BSD                            December 30, 2005                           BSD
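
An added example (not part of the original post or of the man page) that ties the post's symlink check to the mktemp advice above: instead of testing `-h` and then writing, which leaves a gap between the check and the write, the file is created with noclobber inside a private `mktemp -d` directory. The names `make_workdir`, `safe_create`, `demo`, `victim` and `myscript` are assumptions made for the illustration, and the scenario runs in a throwaway directory.

```shell
#!/bin/sh
# Added example: function names and paths are constructed for illustration.

# make_workdir PREFIX
# Create a private (mode 0700) directory with an unpredictable name and print
# it. Another user cannot pre-plant a symlink inside it, unlike in /tmp itself.
make_workdir() {
    mktemp -d "${TMPDIR:-/tmp}/$1.XXXXXX"
}

# safe_create FILE
# Create FILE empty, failing if the name is already taken. With noclobber
# (set -C) the shell refuses '>' onto an existing regular file, including one
# reached through a symlink, so check and create happen in a single step.
# The subshell keeps noclobber from leaking into the caller.
safe_create() {
    ( set -C; : > "$1" ) 2>/dev/null
}

# demo
# Replays the scenario from the post inside a throwaway directory:
# "victim" stands in for /etc/passwd, "script.out" for the predictable name.
# Prints: <result of writing via the planted link> <victim content> <dir mode>
demo() {
    sandbox=$(make_workdir symlink-demo) || return 1
    victim="$sandbox/victim"
    echo "original" > "$victim"
    ln -s "$victim" "$sandbox/script.out"      # the pre-planted symlink

    if safe_create "$sandbox/script.out"; then
        planted=overwritten
    else
        planted=refused
    fi

    # What the root script does instead of using a fixed name in /tmp.
    workdir=$(make_workdir myscript) || return 1
    outputfile="$workdir/script.out"
    safe_create "$outputfile" && echo "program output" >> "$outputfile"
    mode=$(ls -ld "$workdir" | cut -c1-10)

    echo "$planted $(cat "$victim") $mode"
    rm -rf "$sandbox" "$workdir"
}

demo
```
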