Shell Programming and Scripting: Secure coding standards for Shell Programming. Post 302309562 by lavascript on Wednesday 22nd of April 2009 09:15:06 AM
We just had a case where we found that script output files in /tmp, /var/tmp or other world-writable dirs could be created as symlinks by an unprivileged user to cause harm.

It's not easily exploitable, since the output file has to NOT exist and the user also has to know what name it will be, but it is possible.

e.g.

If user1 (a normal user) created a symlink in /tmp pointing to /etc/passwd:

user1$ ln -s /etc/passwd /tmp/script.out

and then a script came along running as root and wrote output, debug or anything else to /tmp/script.out, it would overwrite /etc/passwd and obviously cause trouble for the system.

As said, the user would need to know what scripts would be run as root and where they output, but people sometimes forget to chmod 750 or 700 certain scripts.

I therefore check any output file I'm going to create as below:

Code:
output_security()
{
# Check that any file to be used is not a symlink elsewhere.
# If exceptions are needed, don't call this function.
# This is an e.g. so doesn't include checking that $@ is non-empty.
# $@ is deliberately left unquoted: the caller passes one space-separated
# string and word splitting turns it back into individual file names.
for FILE in $@
do
   if [ -h "${FILE}" ]; then
       echo "ERROR: File [${FILE}] is a sym link and not a regular file" >&2
       echo "Potential Security Risk so exiting" >&2
       exit 2
   fi
done
}

outputfile=/tmp/$(basename "$0").out
tmpfile=/tmp/$(basename "$0").tmp

output_security "${outputfile} ${tmpfile}"

....blah blah


Last edited by lavascript; 04-22-2009 at 10:28 AM.. Reason: dont want " " around $@ in function
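As an added example that is not part of lavascript's post, the script below takes the same idea further in portable POSIX sh. The symlink test alone has a window between the check and the write in which a link can still be planted, so it is combined with exclusive creation via the shell's noclobber option (set -C) and, where a name need not be predictable at all, mktemp. The function and file names (check_output_paths, create_exclusive, make_safe_tmp, victim, planted.out) are assumptions for the illustration, and mktemp is assumed to be available.

```shell
#!/bin/sh
# Added example, not code from the original post. Safer handling of script
# output files in world-writable directories, combining three defences:
#   1. the post's symlink test (refuse a path that is already a link),
#   2. exclusive creation under noclobber (set -C), so a link planted between
#      the check and the open still fails instead of being followed,
#   3. mktemp, which picks an unguessable, not-yet-existing name and creates
#      it atomically, so the attacker cannot pre-plant anything at it.

# Return 0 if every argument may be created as a regular output file;
# return 2 and print a diagnostic for a symlink or an existing non-regular file.
check_output_paths() {
    for file in "$@"; do
        if [ -h "$file" ]; then
            printf 'ERROR: %s is a symbolic link, refusing to write to it\n' "$file" >&2
            return 2
        fi
        if [ -e "$file" ] && [ ! -f "$file" ]; then
            printf 'ERROR: %s exists and is not a regular file\n' "$file" >&2
            return 2
        fi
    done
    return 0
}

# Create the file exclusively. Under noclobber, '>' refuses an existing
# regular file (including one reached through a symlink, such as /etc/passwd)
# and, for a path that does not yet exist, opens it with O_EXCL, so a link
# planted after the check is rejected rather than followed.
# Caveat: bash and dash still open a symlink that resolves to a non-regular
# file such as a device node, so keep the explicit symlink test as well.
create_exclusive() {
    ( set -C; : > "$1" ) 2>/dev/null
}

# Preferred for scratch files: mktemp creates an unpredictable name
# atomically, removing both the "guess the name" and the "pre-plant" steps.
make_safe_tmp() {
    mktemp "${TMPDIR:-/tmp}/$(basename "$0").XXXXXX"
}

# Walk-through on constructed inputs: a private scratch directory holding a
# 'victim' file and a planted symlink pointing at it.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'original contents\n' > "$dir/victim"
    ln -s "$dir/victim" "$dir/planted.out"          # constructed attacker link

    check_output_paths "$dir/fresh.out"   && echo "fresh.out: ok to create"
    check_output_paths "$dir/planted.out" || echo "planted.out: rejected (rc=$?)"
    create_exclusive "$dir/fresh.out"     && echo "fresh.out: created exclusively"
    create_exclusive "$dir/fresh.out"     || echo "fresh.out: second create refused"
    create_exclusive "$dir/planted.out"   || echo "planted.out: noclobber refused the link"
    printf 'victim still reads: %s\n' "$(cat "$dir/victim")"

    t=$(make_safe_tmp) && echo "mktemp gave $t" && rm -f "$t"
    rm -rf "$dir"
}
```

Source the file and call demo to see the walk-through; in a real script, call check_output_paths and then create_exclusive on each fixed output path before anything is written to it, or replace the fixed names with make_safe_tmp where nothing else needs to know the name.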
 

Arch::TempFiles(3pm)            User Contributed Perl Documentation            Arch::TempFiles(3pm)

NAME
       Arch::TempFiles - help to manage temporary files/dirs

SYNOPSIS
       use Arch::TempFiles qw(temp_file_name temp_file temp_dir);

       # all will be removed automatically on the script completion
       my $file_name1 = temp_file();
       my $file_name2 = temp_file_name("status");
       my $dir_name = temp_dir("arch-tree");

       use Arch::TempFiles;

       my $tmp = new Arch::TempFiles;
       $tmp->root($tmp->dir);
       my $file_name = $tmp->name;
       open OUT, ">$file_name"; close OUT;

DESCRIPTION
       This module deals with temporary file names. It is similar to File::Temp, but simpler and
       more focused. Also, File::Temp is relatively new and was not shipped with older perl
       versions.

       Both a function interface and an object oriented interface are supported.

FUNCTIONS/METHODS
       The following functions are available: temp_root, temp_name, temp_file_name,
       temp_dir_name, temp_file, temp_dir.

       The corresponding class methods are available too: root, name, file_name, dir_name, file,
       dir.

       temp_root [dir]
       $tmp->root [dir]
           Change or return the root of the temporary files and dirs. The default is either
           $ENV{TMP_DIR} or "/tmp".

       temp_name [label]
       $tmp->name [label]
           Return an unused temporary file name. The default file name is "/tmp/,,arch-XXXXXX"
           where XXXXXX is a random number. To change this name use "temp_root" and/or provide a
           label that replaces "arch".

           Please note that acquiring the file name with this function/method and actually
           creating the file is not atomic, so you may need to call this method again if the
           creation fails, for example because some other process created the same file in the
           meantime.

       temp_file_name [label]
       $tmp->file_name [label]
           Like "temp_name", but stores the name in the file list that will be removed at the
           end (on object destruction).

       temp_dir_name [label]
       $tmp->dir_name [label]
           Like "temp_name", but stores the name in the dir list that will be removed at the end
           (on object destruction).

       temp_file [label]
       $tmp->file [label]
           Like "temp_file_name", but also creates the file.

       temp_dir [label]
       $tmp->dir [label]
           Like "temp_dir_name", but also creates the dir.

BUGS
       Awaiting your reports.

AUTHORS
       Mikhael Goikhman (migo@homemail.com--Perl-GPL/arch-perl--devel).

SEE ALSO
       For a different interface, see File::Temp.

perl v5.10.1                              2005-04-22                         Arch::TempFiles(3pm)