Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Attacking Potential of sh-scripts
Special Forums Cybersecurity Attacking Potential of sh-scripts Post 302508527 by Corona688 on Monday 28th of March 2011 11:43:02 AM
Old 03-28-2011
Quote:
Originally Posted by disaster
Thanks for the answer, but you misunderstood me.
I assumed that all form of bringing executable code in the system is not possible (which is done via signature checking in the kernel)
This doesn't mean you shouldn't still think about other vectors.
Quote:
So basically all the user can do is to execute programs that are already on the system. Changing those in the system will cause them to fail to execute.
How do these executables get signed? Any vulnerabilities in that and bam, you might as well have not had it.
Quote:
Because if I understand you right you mean he would build is own executable by copying it from different locations and/or writing it new. Such executables would be hindered from execution by the kernel
Hm.

Which shell? A shell that can make network sockets, like newer bash or newer ksh, could still be used as part of a zombie net.

For that matter, they could just use existing utilities for the most part.
 

3 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Potential new user of Unix

Hi all, Complete and utter virgin Unix person here (I don't even have the OS yet) As I'm doing a "looking into it" kinda thing before I move from MS I hope my questions are not inappropriate. 1. Should I get some kind off anti virus software. I know Unix is pretty good for not getting them... (2 Replies)
Discussion started by: dhula
2 Replies

2. AIX

how to handle potential file contention

I need to change how a posting procedure currently works in order to improve load balancing but I am hitting a potential file contention problem that I was wondering if someone here could assist me with... In a directory called FilePool I would have a bunch of files that are constantly coming in... (3 Replies)
Discussion started by: philplasma
3 Replies

3. HP-UX

Potential file system contention on directory

We have an 8-processor Itanium system running HP-UX 11.23 connected to shared SAN discs. We have an application that creates files (about 10) in a specific directory. When the application terminates, these files are removed (unlink) and a few others are updated. The directory contains... (8 Replies)
Discussion started by: FDesrochers
8 Replies

LEARN ABOUT DEBIAN

shell-quote

SHELL-QUOTE(1p) 					User Contributed Perl Documentation					   SHELL-QUOTE(1p)

NAME

       shell-quote - quote arguments for safe use, unmodified in a shell command

SYNOPSIS

       shell-quote [switch]... arg...

DESCRIPTION

       shell-quote lets you pass arbitrary strings through the shell so that they won't be changed by the shell.  This lets you process commands
       or files with embedded white space or shell globbing characters safely.	Here are a few examples.

EXAMPLES

       ssh preserving args
	   When running a remote command with ssh, ssh doesn't preserve the separate arguments it receives.  It just joins them with spaces and
	   passes them to "$SHELL -c".	This doesn't work as intended:

	       ssh host touch 'hi there'	   # fails

	   It creates 2 files, hi and there.  Instead, do this:

	       cmd=`shell-quote touch 'hi there'`
	       ssh host "$cmd"

	   This gives you just 1 file, hi there.

       process find output
	   It's not ordinarily possible to process an arbitrary list of files output by find with a shell script.  Anything you put in $IFS to
	   split up the output could legitimately be in a file's name.	Here's how you can do it using shell-quote:

	       eval set -- `find -type f -print0 | xargs -0 shell-quote --`

       debug shell scripts
	   shell-quote is better than echo for debugging shell scripts.

	       debug() {
		   [ -z "$debug" ] || shell-quote "debug:" "$@"
	       }

	   With echo you can't tell the difference between "debug 'foo bar'" and "debug foo bar", but with shell-quote you can.

       save a command for later
	   shell-quote can be used to build up a shell command to run later.  Say you want the user to be able to give you switches for a command
	   you're going to run.  If you don't want the switches to be re-evaluated by the shell (which is usually a good idea, else there are
	   things the user can't pass through), you can do something like this:

	       user_switches=
	       while [ $# != 0 ]
	       do
		   case x$1 in
		       x--pass-through)
			   [ $# -gt 1 ] || die "need an argument for $1"
			   user_switches="$user_switches "`shell-quote -- "$2"`
			   shift;;
		       # process other switches
		   esac
		   shift
	       done
	       # later
	       eval "shell-quote some-command $user_switches my args"

OPTIONS

       --debug
	   Turn debugging on.

       --help
	   Show the usage message and die.

       --version
	   Show the version number and exit.

AVAILABILITY

       The code is licensed under the GNU GPL.	Check http://www.argon.org/~roderick/ or CPAN for updated versions.

AUTHOR

       Roderick Schertler <roderick@argon.org>

perl v5.8.4							    2005-05-03							   SHELL-QUOTE(1p)
All times are GMT -4. The time now is 10:48 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy