Attacking Potential of sh-scripts Post: 302508890

Sponsored Content

Special Forums Cybersecurity Attacking Potential of sh-scripts Post 302508890 by Corona688 on Tuesday 29th of March 2011 11:03:58 AM

03-29-2011

Registered User

Quote:

Originally Posted by disaster

Well, "standard" programs are available (chmod, chroot etc. for security reasons not)

You could hardly have a UNIX system without chmod. You'd be unable to prevent anyone from reading your files -- or, if the default umask is set in a draconian manner, unable to allow anyone to read your files. The only user able to do so would presumably be root (since only root can change other users' permissions), so you'd need to run things as root all the time to accomplish normal tasks.

I think you need to rethink your security model.

Corona688

View Public Profile for Corona688

Visit Corona688's homepage!

Find all posts by Corona688

3 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Potential new user of Unix

Hi all, Complete and utter virgin Unix person here (I don't even have the OS yet) As I'm doing a "looking into it" kinda thing before I move from MS I hope my questions are not inappropriate. 1. Should I get some kind off anti virus software. I know Unix is pretty good for not getting them...

2. AIX

how to handle potential file contention

I need to change how a posting procedure currently works in order to improve load balancing but I am hitting a potential file contention problem that I was wondering if someone here could assist me with... In a directory called FilePool I would have a bunch of files that are constantly coming in...

3. HP-UX

Potential file system contention on directory

We have an 8-processor Itanium system running HP-UX 11.23 connected to shared SAN discs. We have an application that creates files (about 10) in a specific directory. When the application terminates, these files are removed (unlink) and a few others are updated. The directory contains...

LEARN ABOUT MINIX

chmod

CHMOD(1)						      General Commands Manual							  CHMOD(1)

NAME

       chmod - change access mode for files

SYNOPSIS

       chmod [-R] mode file ...

OPTIONS

       -R     Change hierarchies recursively

EXAMPLES

       chmod 755 file	   # Owner: rwx Group: r-x Others: r-x

       chmod +x file1 file2
			   # Make file1 and file2 executable

       chmod a-w file	   # Make file read only

       chmod u+s file	   # Turn on SETUID for file

       chmod -R o+w dir    # Allow writing for all files in dir

DESCRIPTION

       The  given mode is applied to each file in the file list. If the -R flag is present, the files in a directory will be changed as well.  The
       mode can be either absolute or symbolic. Absolute modes are given as an octal number that represents the new file mode. The mode  bits  are
       defined as follows:

	 4000	 Set effective user id on execution to file's owner id
	 2000	 Set effective group id on execution to file's group id
	 0400	 file is readable by the owner of the file
	 0200	 writeable by owner
	 0100	 executable by owner
	 0070	 same as above, for other users in the same group
	 0007	 same as above, for all other users

       Symbolic modes modify the current file mode in a specified way. The form is:

	 [who] op permissions { op permissions ...} {, [who] op ... }

       The  possibilities for who are u, g, o, and a, standing for user, group, other and all, respectively.  If who is omitted, a is assumed, but
       the current umask is used.  The op can be +, -, or =;  + turns on the given permissions, - turns them off; = sets  the  permissions  exclu-
       sively for the given who.  For example g=x sets the group permissions to --x.

       The  possible  permissions are r, w, x; which stand for read, write, and execute;  s turns on the set effective user/group id bits.  s only
       makes sense with u and g; o+s is harmless.

SEE ALSO

       ls(1), chmod(2).

																	  CHMOD(1)