From: Thomas Dickey
To: Dan Nelson
Cc: FreeBSD - Questions
Date: Thu, 15 Feb 2007 06:13:55 -0500
Subject: Re: Ksh Shell script security question.
Message-ID: <20070215111355.GA17348@saltmine.radix.net>
In-Reply-To: <20070215045712.GA1716@dan.emsphone.com>

On Wed, Feb 14, 2007 at 10:57:12PM -0600, Dan Nelson wrote:
> In the last episode (Feb 14), Dak Ghatikachalam said:
> > I am puzzled how to secure this code when this shell script is
> > being executed.
> >
> > ${ORACLE_HOME}/bin/sqlplus -s <<EOF
> > connect system/ugo8990d
> > set heading off
> > set feedback off
> > set pagesize 500
> > select 'SCN_TO_USE | '||max(next_change#) from V\$LOG_HISTORY;
> > quit
> > EOF
> >
> > When I run this code from shell script in /tmp directory it spews
> > file called /tmp/sh03400.000 in that I have this entire code visible.
>
> I bet if you check the permissions you'll find the file has mode 0600,
> which means only the user running the script can read the file (at
> least that's what a test using the pdksh port does on my system).
> ksh93 does have a problem, though: it opens a file and immediately
> unlinks it, but the file is world-readable for a short time.

Doesn't it (ksh93, etc) pay attention to umask? If it does, the script
should use that feature.

>
> Both ksh variants honor the TMPDIR variable, though, so if you create a
> ~/tmp directory, chmod it so only you can access it, then set
> TMPDIR=~/tmp , you will be secure even if you're using ksh93.

relatively (it's not a given that people haven't opened up ~/tmp)

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
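
An added example, not part of the original thread: one way to act on both suggestions above, setting umask 077 and pointing TMPDIR at a directory that is first checked to be owned by the caller and mode 0700, so an opened-up ~/tmp is refused rather than trusted. The function names use_private_tmpdir and run_query are hypothetical, cat stands in for sqlplus, and the connect line is left out.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# use_private_tmpdir DIR
# Sets umask 077, creates DIR if missing, and exports TMPDIR=DIR only when DIR
# is a real directory (not a symlink), owned by us, with mode rwx------.
# Call it directly, not in $(...), so umask and TMPDIR reach the caller.
use_private_tmpdir() {
    _d=$1
    umask 077
    if [ -L "$_d" ]; then
        echo "refusing symlink: $_d" >&2; return 1
    fi
    if [ ! -d "$_d" ]; then
        mkdir -p "$_d" || return 1
    fi
    if [ ! -O "$_d" ]; then
        echo "not owned by caller: $_d" >&2; return 1
    fi
    # First ten characters of ls -ld are the type and permission bits.
    _p=$(ls -ld "$_d" | cut -c1-10)
    if [ "$_p" != "drwx------" ]; then
        echo "too permissive ($_p): $_d" >&2; return 1
    fi
    TMPDIR=$_d
    export TMPDIR
}

# Stand-in for the sqlplus call: cat echoes the here-document back.
# A ksh that spools the here-document to a file does so under $TMPDIR,
# which the thread says both ksh variants honor.
run_query() {
    cat <<EOF
select 'SCN_TO_USE | '||max(next_change#) from V\$LOG_HISTORY;
EOF
}

# Typical use at the top of a script:
#   use_private_tmpdir "$HOME/tmp" || exit 1
#   run_query
```

Because a failed check leaves TMPDIR untouched, the script should stop on a non-zero return instead of falling back to /tmp.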