Can I prevent a script from being viewed?

    #15  
03-28-2017 - Original Discussion by SkySmart
Don Cragun (Forum Staff)
Administrator
 
Quote:
Originally Posted by dn888
I'm interested to know more.

For instance, if a user encrypts an ascii file using the following method:


Code:
# echo hello > hello.out
#
# encrypt -a aes -i hello.out -o hello.out.encrypted
Enter key:
# ls -lrth hello.out hello.out.encrypted
-rw-r-----   1 sysadmin   other         6 Mar 28 15:00 hello.out
-rw-r-----   1 sysadmin   other        56 Mar 28 15:01 hello.out.encrypted
# file hello.out hello.out.encrypted
hello.out:      ascii text
hello.out.encrypted:    data
#

When the encrypt program asks the user to insert a key, how can the root user capture the input?
Moderator's Comments:
Please use CODE tags when displaying sample input, sample output, and code segments.
I must be missing the point. From the prompt you are showing (# ), one would assume that root is running this code. Are you saying that root doesn't know the characters that he or she is typing into the terminal after receiving the prompt for a pass phrase from the encrypt utility?

What is it that you are trying to do?
    #16  
03-28-2017 - Original Discussion by SkySmart
dn888
Registered User
 
The encrypt program can be run by any user to encrypt their files; it's available on Solaris.

The example I ran above is under a non-root user.

But Corona688 did say that "There are no methods to protect from root, at all." So I'd like to know how the root user can know the encryption key to decrypt a user's file.

I'm trying to understand how Corona688 came to that conclusion.
    #17  
03-28-2017 - Original Discussion by SkySmart
Don Cragun (Forum Staff)
Administrator
 
You are talking about two different things. If a file is encrypted, only users who know the pass phrase or who have enough compute power to determine the pass phrase by brute force can read the plain text version of that encrypted file.

The topic of this thread, however, is how can a user encrypt a shell script file and let another user who does not know the pass phrase used to encrypt that script run that script without being able to read it as clear text. And, the answer is that it cannot be done.

If a script is obfuscated by its owner and can be run by somebody else without knowing the obfuscation method used, then anyone who has read access to the file can also read the clear text of that script and/or run the file.

And, if a file is made unreadable just by changing its mode, that will not keep any root user on that system from reading that file (both because root can read any file with any read permission bit set and because root can change the mode of any file to any mode they choose.)
    #18  
03-28-2017 - Original Discussion by SkySmart
Corona688 (Forum Staff)
Mead Rotor
 
Quote:
Originally Posted by dn888
The encrypt program can be run by any user to encrypt their files; it's available on Solaris.

The example I ran above is under a non-root user.
I have assumed that you don't wish to type in a password every time you want to run that script, because 99.9% of the time, people don't.

If the script contains instructions for decrypting itself without a password, root can read it and decrypt it, because it literally contains step by step instructions for doing so.
Quote:
But Corona688 did say that "There are no methods to protect from root, at all." So I'd like to know how the root user can know the encryption key to decrypt a user's file.

I'm trying to understand how Corona688 came to that conclusion.
Root has full control of the machine. They can alter it to their needs. They can do things like subverting your profile, subverting system libraries, altering your environment, setting up full system traces on platforms which support it, and even doing minor alterations to the kernel. They could trace you typing in your password if they really, really want to, or (much more easily) fake you into typing the password into something else.

I won't go into more details, as I'm not in the business of making malicious hacks. But you cannot defend from root.

Last edited by Corona688; 03-28-2017 at 02:55 PM..
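Added illustration, not part of the original thread: posts #17 and #18 both say that a script which can unwrap itself without a pass phrase is readable by anyone who can read the file. The sketch below shows this with a base64 stub standing in for any self-decoding scheme; the function names and the sample payload are constructed for the example.

```shell
#!/bin/sh
# Added example; function names and the sample payload are constructed.

# Wrap script $1 into $2: a decode stub followed by the base64 of the original.
make_wrapped() {
    cat > "$2" <<'STUB'
#!/bin/sh
sed '1,/^__PAYLOAD__$/d' "$0" | base64 -d | sh
exit $?
__PAYLOAD__
STUB
    base64 < "$1" >> "$2"
    chmod 755 "$2"
}

# Anyone who can read the wrapper can repeat the stub's own decode step
# and leave off the final "| sh": the clear text comes out.
recover_plaintext() {
    sed '1,/^__PAYLOAD__$/d' "$1" | base64 -d
}

# Dropping read permission (mode 0111) is not a way out: the interpreter
# has to open and read the script, so a user who cannot read it cannot
# run it either. Returns 0 if the wrapper still runs, 1 if it does not.
runs_when_unreadable() {
    chmod 111 "$1"
    if sh "$1" >/dev/null 2>&1; then rc=0; else rc=1; fi
    chmod 755 "$1"
    return "$rc"
}

demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' 'echo "rate table v3: $((6 * 7))"' > "$dir/plain.sh"
    make_wrapped "$dir/plain.sh" "$dir/wrapped.sh"
    echo "wrapper output: $(sh "$dir/wrapped.sh")"
    echo "recovered text:"; recover_plaintext "$dir/wrapped.sh"
    if runs_when_unreadable "$dir/wrapped.sh"; then
        echo "mode 0111: still runs (caller is root, who can read any file)"
    else
        echo "mode 0111: cannot run what it cannot read"
    fi
    rm -rf "$dir"
}
demo
```

Swapping base64 for a cipher with the key embedded in the stub changes nothing: the decode step is still in the file for any reader to repeat.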