Date: Thu, 15 Feb 2007 10:29:42 -0600
From: Dan Nelson
To: Thomas Dickey
Cc: FreeBSD - Questions
Subject: Re: Ksh Shell script security question.
Message-ID: <20070215162942.GB1716@dan.emsphone.com>
References: <20070215045712.GA1716@dan.emsphone.com> <20070215111355.GA17348@saltmine.radix.net>
In-Reply-To: <20070215111355.GA17348@saltmine.radix.net>

In the last episode (Feb 15), Thomas Dickey said:
> On Wed, Feb 14, 2007 at 10:57:12PM -0600, Dan Nelson wrote:
> > In the last episode (Feb 14), Dak Ghatikachalam said:
> > > I am puzzled how to secure this code when this shell script is
> > > being executed.
> > >
> > > ${ORACLE_HOME}/bin/sqlplus -s <
> > > EOF
> > >
> > > When I run this code from shell script in /tmp directory it spews
> > > file called /tmp/sh03400.000 in that I have this entire code
> > > visible.
> >
> > I bet if you check the permissions you'll find the file has mode
> > 0600, which means only the user running the script can read the
> > file (at least that's what a test using the pdksh port does on my
> > system). ksh93 does have a problem, though: it opens a file and
> > immediately unlinks it, but the file is world-readable for a short
> > time.
>
> Doesn't it (ksh93, etc) pay attention to umask?
> If it does, the script should use that feature.

It does honor umask, but I think temp files should be created mode 0600
in all cases. A person may have a umask of 022 to allow normal files to
be read by group members but still not want them to see here-document
contents. They may not even realize that their shell is using
tempfiles. Some shells use pipes (bash and ash do; zsh uses an 0600
tempfile that it immediately unlinks; Solaris sh uses an 0600 tempfile).

> > Both ksh variants honor the TMPDIR variable, though, so if you create a
> > ~/tmp directory, chmod it so only you can access it, then set
> > TMPDIR=~/tmp , you will be secure even if you're using ksh93.
>
> relatively (it's not a given that people haven't opened up ~/tmp)

I think if someone has gone to the trouble of creating a private ~/tmp
directory, they probably know what they're doing and know the
consequences of opening it up.

-- 
	Dan Nelson
	dnelson@allantgroup.com
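
The private TMPDIR setup discussed in this message, as an added shell example that is not part of the original post: it creates the directory with mode 0700 regardless of the caller's umask and refuses to use one that has been opened up, is a symlink, or belongs to someone else. The helper names `mode_of` and `private_tmpdir` are hypothetical, and the default location `$HOME/tmp` follows the `~/tmp` suggestion in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Helper names are hypothetical.

# Print the 10-character type+permission string of a path, e.g. "drwx------".
# cut drops any trailing ACL/SELinux marker ("+" or ".") that ls may append.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create (if missing) and validate a private temp directory, then export
# TMPDIR so shells that honor it (both ksh variants, per the message above)
# write here-document temp files there.
# Returns non-zero and leaves TMPDIR unchanged if the directory is unsafe.
private_tmpdir() {
    _ptd_dir=${1:-"$HOME/tmp"}

    if [ ! -e "$_ptd_dir" ] && [ ! -L "$_ptd_dir" ]; then
        # The subshell keeps the umask change local; 077 yields mode 0700
        # even when the caller's umask is 022.
        ( umask 077 && mkdir "$_ptd_dir" ) || return 1
    fi

    # Reject symlinks, non-directories, and directories owned by another user.
    if [ -L "$_ptd_dir" ] || [ ! -d "$_ptd_dir" ] || [ ! -O "$_ptd_dir" ]; then
        echo "private_tmpdir: $_ptd_dir is not a real directory owned by you" >&2
        return 1
    fi

    # Reject a directory that has been opened up to group or others.
    _ptd_mode=$(mode_of "$_ptd_dir")
    case $_ptd_mode in
        drwx------) ;;
        *)
            echo "private_tmpdir: $_ptd_dir is $_ptd_mode, expected drwx------" >&2
            return 1
            ;;
    esac

    TMPDIR=$_ptd_dir
    export TMPDIR
}

# Typical use at the top of a script that feeds secrets through a here-document:
#   private_tmpdir || exit 1
```
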