We just had a case where finding script output files in /tmp or /var/tmp or other world writeable dirs, could be written as symlinks by an unprivileged user to cause harm.
It's not easily exploitable due to the output file having to NOT exist and also the user knowing what name it will be, but it is possible.
e.g
If user1 (normal user) wrote a symlink in /tmp to /etc/passwd
user1# ln -s /etc/passwd /tmp/script.out
Then a script came along running as root and created output or debug or anything to /tmp/script.out then it would overwrite /etc/passwd and obviously cause trouble to the system.
As said, the user would need to know what scripts would be run as root and where they output, but people sometimes forget to chmod 750 or 700 certain scripts.
I therefore check any output file I'm going to create as below :-
Last edited by lavascript; 04-22-2009 at 10:28 AM..
Reason: dont want " " around $@ in function
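One way to do the check described in the post above, as an added example that is not the poster's original function. The helper names safe_create and new_private_outfile are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the original post.
# safe_create and new_private_outfile are hypothetical helper names.

# Create $1 as a new, empty, owner-only file.
# Returns non-zero if the path already exists in any form, including a
# symlink planted by another user in a world-writable directory.
safe_create() {
    out=$1
    # -L is true for a symlink even when its target does not exist
    # (dangling link), a case that -e alone would miss.
    if [ -L "$out" ] || [ -e "$out" ]; then
        echo "refusing to write: $out already exists" >&2
        return 1
    fi
    # The test above is racy on its own: a link could appear between the
    # check and the open. With noclobber (set -C) the shell creates the
    # file exclusively, so a link created in that window still fails.
    # The subshell keeps umask and noclobber from leaking to the caller.
    ( umask 077; set -C; : > "$out" ) 2>/dev/null
}

# Where the output name does not have to be fixed, let mktemp pick an
# unpredictable name and create the file exclusively with mode 0600.
# Prints the path of the file it created.
new_private_outfile() {
    mktemp "${TMPDIR:-/tmp}/script.out.XXXXXX"
}
```

A script running as root would call safe_create before its first write and abort if it fails, or write to the path printed by new_private_outfile.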