Attacking Potential of sh-scripts Post: 302509527

Sponsored Content

Special Forums Cybersecurity Attacking Potential of sh-scripts Post 302509527 by hergp on Thursday 31st of March 2011 02:40:12 AM

03-31-2011

Registered User

Kornshell 93 has a long list of commands built into the shell for performance reasons. So if you execute chmod in ksh93, you don't need the external chmod program. Sometimes you need to call chmod with a full pathname, but that is not much of an obstacle.

Code:

$ type chmod
chmod is a tracked alias for /usr/bin/chmod
$ type /usr/ast/bin/chmod
/usr/ast/bin/chmod is a shell builtin

(from Opensolaris' ksh)

I don't think, chroot will help you much in this case. The only solution I can think of, is to delete ksh93 or compile your own version without builtins - which will result in slower execution of shellscripts.

This User Gave Thanks to hergp For This Post:

hergp

View Public Profile for hergp

Find all posts by hergp

3 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Potential new user of Unix

Hi all, Complete and utter virgin Unix person here (I don't even have the OS yet) As I'm doing a "looking into it" kinda thing before I move from MS I hope my questions are not inappropriate. 1. Should I get some kind off anti virus software. I know Unix is pretty good for not getting them...

2. AIX

how to handle potential file contention

I need to change how a posting procedure currently works in order to improve load balancing but I am hitting a potential file contention problem that I was wondering if someone here could assist me with... In a directory called FilePool I would have a bunch of files that are constantly coming in...

3. HP-UX

Potential file system contention on directory

We have an 8-processor Itanium system running HP-UX 11.23 connected to shared SAN discs. We have an application that creates files (about 10) in a specific directory. When the application terminates, these files are removed (unlink) and a few others are updated. The directory contains...

LEARN ABOUT CENTOS

gnutls_x509_crt_get_verify_algorithm

gnutls_x509_crt_get_verify_algorithm(3) 			      gnutls				   gnutls_x509_crt_get_verify_algorithm(3)

NAME

       gnutls_x509_crt_get_verify_algorithm - API function

SYNOPSIS

       #include <gnutls/compat.h>

       int gnutls_x509_crt_get_verify_algorithm(gnutls_x509_crt_t crt, const gnutls_datum_t * signature, gnutls_digest_algorithm_t * hash);

ARGUMENTS

       gnutls_x509_crt_t crt
		   Holds the certificate

       const gnutls_datum_t * signature
		   contains the signature

       gnutls_digest_algorithm_t * hash
		   The result of the call with the hash algorithm used for signature

DESCRIPTION

       This function will read the certifcate and the signed data to determine the hash algorithm used to generate the signature.

DEPRECATED

       Use gnutls_pubkey_get_verify_algorithm() instead.

RETURNS

       the 0 if the hash algorithm is found. A negative error code is returned on error.

SINCE

       2.8.0

REPORTING BUGS

       Report bugs to <bug-gnutls@gnu.org>.
       General guidelines for reporting bugs: http://www.gnu.org/gethelp/
       GnuTLS home page: http://www.gnu.org/software/gnutls/

COPYRIGHT

       Copyright (C) 2012 Free Software Foundation, Inc..
       Copying	and  distribution  of  this file, with or without modification, are permitted in any medium without royalty provided the copyright
       notice and this notice are preserved.

SEE ALSO

       The full documentation for gnutls is maintained as a Texinfo manual.  If the info and gnutls programs are properly installed at your  site,
       the command

	      info gnutls

       should give you access to the complete manual.  As an alternative you may obtain the manual from:

	      http://www.gnu.org/software/gnutls/manual/

gnutls								      3.1.15				   gnutls_x509_crt_get_verify_algorithm(3)