From: Chuck Swiger
Date: Thu, 18 Nov 2010 10:05:51 -0800
To: Julian Fagir
Cc: freebsd-questions@freebsd.org
Subject: Re: Escaping from shell-scripts

On Nov 18, 2010, at 5:52 AM, Julian Fagir wrote:
> The straight-forward way would be to write this script, have all input parsed
> by read and then let the script act according to this input (let's assume
> that these tools are secure, it's just cp'ing and writing to
> non-sensitive files.
>
> Are there possibilities to escape from such a script down to a prompt?

Yes; consider using something like:

    trap "" 2 3 18

...prevent them from using control-C, control-Z, control-\ to play games with the script.

> All in all, this is a more general question I have for quite a time: Can you
> use shell-scripts for security-relevant environments?

Yes, but you really shouldn't trust them any farther than you would trust a user with an interactive shell. It's just too easy to exploit $IFS, invoke command line utilities that provide shell escapes, etc.

Python or C is likely to be more securable, but getting it right is trickier than it may appear. Start with never trusting user-supplied inputs, always validate against a whitelist of what is trusted rather than trying to blacklist bad stuff.

Regards,
-- 
-Chuck
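
The advice in the reply above (ignore the terminal signals, do not inherit $IFS, validate input against an allowlist), sketched as an added example that is not part of the original message. The function names, menu entries and the 32-character limit are assumptions made for illustration, and the actions are printed rather than executed.

```sh
#!/bin/sh
# Added example; function names and menu entries are hypothetical.

# Ignore control-C, control-\ and control-Z. Names are used instead of the
# numbers 2 3 18 because TSTP is 18 on FreeBSD but 20 on Linux.
trap '' INT QUIT TSTP

# Pin IFS (space, tab, newline), PATH and the locale rather than inheriting
# them from the user's environment.
IFS=$(printf ' \t\n_'); IFS=${IFS%_}
PATH=/bin:/usr/bin; LC_ALL=C
export PATH LC_ALL

# valid_name NAME: true only for 1-32 characters from [A-Za-z0-9_-] that do
# not start with '-', so the value can never act as an option or a path.
valid_name() {
    case $1 in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# dispatch CHOICE NAME: map a choice to a fixed action. The action is only
# printed here; user text is never eval'd, sourced or expanded unquoted.
dispatch() {
    case $1 in
        1) valid_name "$2" || { echo "rejected"; return 1; }
           echo "copy template to $2.txt" ;;
        2) echo "show status" ;;
        q) echo "bye" ;;
        *) echo "rejected"; return 1 ;;
    esac
}

# menu_loop: read one line at a time; -r keeps backslashes literal and a
# third word on the line is treated as an error, not silently dropped.
menu_loop() {
    while printf '1 NAME) copy  2) status  q) quit > ' &&
          read -r choice name extra; do
        if [ -n "$extra" ]; then echo "rejected"; continue; fi
        dispatch "$choice" "$name" || continue
        if [ "$choice" = q ]; then break; fi
    done
}

# Start the menu only when invoked as: sh menu.sh run
if [ "${1:-}" = run ]; then menu_loop; fi
```

Any utility that a real action calls (a pager, an editor) needs its own check for shell escapes, which this allowlist does not cover.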