Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Attacking Potential of sh-scripts
Special Forums Cybersecurity Attacking Potential of sh-scripts Post 302508899 by Perderabo on Tuesday 29th of March 2011 11:23:47 AM
Old 03-29-2011
If simply reading files needs to be prevented you are going to be out of luck with your approach. With bash or ksh a user with no access to any executables can do stuff like:
Code:
function cat { while read l ; do echo "$l" ; done < $1 ; }
function ls { while [ $# -ne 0 ] ; do echo "$1" ; shift; done ;}

and browse the system for any readable files. You really need to put users in a chroot jail and ensure that they have no root access to get true security.
 

3 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Potential new user of Unix

Hi all, Complete and utter virgin Unix person here (I don't even have the OS yet) As I'm doing a "looking into it" kinda thing before I move from MS I hope my questions are not inappropriate. 1. Should I get some kind off anti virus software. I know Unix is pretty good for not getting them... (2 Replies)
Discussion started by: dhula
2 Replies

2. AIX

how to handle potential file contention

I need to change how a posting procedure currently works in order to improve load balancing but I am hitting a potential file contention problem that I was wondering if someone here could assist me with... In a directory called FilePool I would have a bunch of files that are constantly coming in... (3 Replies)
Discussion started by: philplasma
3 Replies

3. HP-UX

Potential file system contention on directory

We have an 8-processor Itanium system running HP-UX 11.23 connected to shared SAN discs. We have an application that creates files (about 10) in a specific directory. When the application terminates, these files are removed (unlink) and a few others are updated. The directory contains... (8 Replies)
Discussion started by: FDesrochers
8 Replies

LEARN ABOUT OPENSOLARIS

echo

echo(1B)					     SunOS/BSD Compatibility Package Commands						  echo(1B)

NAME

       echo - echo arguments to standard output

SYNOPSIS

       /usr/ucb/echo [-n] [argument]

DESCRIPTION

       echo writes its arguments, separated by BLANKs and terminated by a NEWLINE, to the standard output.

       echo  is useful for producing diagnostics in command files and for sending known data into a pipe, and for displaying the contents of envi-
       ronment variables.

       For example, you can use echo to determine how many subdirectories below the root directory (/) is your current directory, as follows:

	   o	  echo your current-working-directory's full pathname

	   o	  pipe the output through tr to translate the path's embedded slash-characters into space-characters

	   o	  pipe that output through wc -w for a count of the names in your path.

		    example% /usr/bin/echo "echo $PWD | tr '/' ' ' | wc -w"

       See tr(1) and wc(1) for their functionality.

       The shells csh(1), ksh(1), and sh(1), each have an echo built-in command, which, by default, will have precedence, and will be  invoked	if
       the  user  calls  echo without a full pathname. /usr/ucb/echo and csh's echo() have an -n option, but do not understand back-slashed escape
       characters. sh's echo(), ksh's echo(), and /usr/bin/echo, on the other hand, understand the  black-slashed  escape  characters,	and  ksh's
       echo() also understands a as the audible bell character; however, these commands do not have an -n option.

OPTIONS

       -n    Do not add the NEWLINE to the output.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWscpu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       csh(1), echo(1), ksh(1), sh(1), tr(1), wc(1), attributes(5)

NOTES

       The -n option is a transition aid for BSD applications, and may not be supported in future  releases.

SunOS 5.11							    3 Aug 1994								  echo(1B)
All times are GMT -4. The time now is 03:37 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy