Date: Thu, 18 Nov 2010 10:05:51 -0800
From: Chuck Swiger <cswiger@mac.com>
To: Julian Fagir <gnrp@physik.tu-berlin.de>
Cc: freebsd-questions@freebsd.org
Subject: Re: Escaping from shell-scripts
Message-ID: <0988B83D-77E5-4581-BBC1-640FEC31D458@mac.com>
In-Reply-To: <20101118145239.10937b78@adolfputzen>
References: <20101118145239.10937b78@adolfputzen>

On Nov 18, 2010, at 5:52 AM, Julian Fagir wrote:
> The straight-forward way would be to write this script, have all input parsed
> by read and then let the script act according to this input (let's assume
> that these tools are secure, it's just cp'ing and writing to
> non-sensitive files.
>
> Are there possibilities to escape from such a script down to a prompt?

Yes; consider using something like:

  trap "" 2 3 18

...prevent them from using control-C, control-Z, control-\ to play games with the script.

> All in all, this is a more general question I have for quite a time: Can you
> use shell-scripts for security-relevant environments?

Yes, but you really shouldn't trust them any farther than you would trust a user with an interactive shell. It's just too easy to exploit $IFS, invoke command line utilities that provide shell escapes, etc.

Python or C is likely to be more securable, but getting it right is trickier than it may appear. Start with never trusting user-supplied inputs, always validate against a whitelist of what is trusted rather than trying to blacklist bad stuff.

Regards,
-- 
-Chuck
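
The advice in the reply above written out as a POSIX sh script, added here as an example and not part of the original message: it ignores the interrupt, quit and stop signals, pins PATH, IFS and the locale, and accepts only whitelisted verbs and names. DATA_DIR, the verbs show and backup, and the sample input are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: restricted request handler. DATA_DIR and the verbs are hypothetical.

# Ignore interrupt, quit and terminal-stop by name; signal numbers vary by system.
trap '' INT QUIT TSTP

# Pin the environment so inherited values cannot change parsing or lookups.
PATH=/bin:/usr/bin; export PATH
LC_ALL=C; export LC_ALL
unset IFS            # unset IFS means default splitting on space, tab, newline

DATA_DIR=/var/db/menu-data   # assumed location of the non-sensitive files

# valid_name NAME: succeed only for 1-32 characters from A-Za-z0-9_-,
# not starting with '-' (so the name can never be taken as an option).
valid_name() {
    case $1 in
        ''|-*)            return 1 ;;
        *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# handle_request LINE: split into verb and argument without eval, check both
# against whitelists, then report the action a real script would perform.
handle_request() {
    case $1 in
        *' '*) verb=${1%% *}; arg=${1#* } ;;
        *)     verb=$1; arg='' ;;
    esac
    case $verb in
        show|backup) ;;
        *) echo "rejected: unknown command"; return 1 ;;
    esac
    valid_name "$arg" || { echo "rejected: bad name"; return 1; }
    echo "ok: $verb $DATA_DIR/$arg"
}

# Constructed sample input; a deployed script would read stdin the same way.
while IFS= read -r line; do
    handle_request "$line" || :
done <<'EOF'
show report_2010
backup notes
show ../../etc/passwd
show x; sh
vi notes
EOF
```

Only the first two sample lines are accepted; any command later run on an accepted name should still quote it and precede it with `--`.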