chimeric n00b
Joined: 15 Feb 2007 Posts: 10 Location: Germany
Posted: Fri Mar 23, 2007 7:14 pm Post subject: [SOLVED] looking for advice with bash scripting
Hi everybody,
first I'd like to say that I am new to the forum (though not new to Gentoo, I have used it on my main workstation for more than 2 years now and it's by far the best distro I've ever seen). I am currently working on a little bash backup script which uses dar and sshfs. This script should be as portable as possible as I want to use it on several machines. While thinking about it I asked myself if it's generally a good idea (or a good habit) to use the full path of the used programs in the script like:
Or is it better to put the program path in a variable using "which":
Code:
SSHFS=$(which sshfs)
(though I am unsure if this could result in a possible security issue on compromised machines)?
Or doesn't it matter at all?
Thanks in Advance!
Last edited by chimeric on Mon Mar 26, 2007 5:39 pm; edited 1 time in total
tuam l33t
Joined: 04 May 2004 Posts: 765 Location: CGN, Germany
Posted: Fri Mar 23, 2007 9:49 pm
The basic security issue is the following:
- script is setuid root: runs with root privileges
- cracker creates evil binary named sshfs somewhere in his home, makes it executable
- cracker modifies $PATH, so his home is searched first
- cracker runs script
- evil binary is run with root privileges
Possible solutions:
- mount all dirs where cracker has write access with noexec
- hard-code paths
The idea of putting the path in a variable makes the script easier to maintain or port to other machines. So use SSHFS="/usr/bin/sshfs" at the beginning of your script.
FF,
Daniel
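The attack and the fix from the answer above, as an added example that is not code from the thread or from either poster. It is a POSIX sh script that builds a throwaway copy of the situation inside a temp dir: the "system" sshfs under $WORK/usr/bin and the cracker's look-alike under $WORK/home/cracker are constructed stubs (they only print "trusted" or "evil"), and the $WORK paths stand in for /usr/bin and a home directory. It then resolves sshfs three ways: through the inherited PATH as `SSHFS=$(which sshfs)` would, through the hard-coded path tuam recommends, and through a PATH reset to a fixed list of system directories. The lookups use `command -v` rather than `which`, because `which` is itself an external program that would be found through the same poisoned PATH. The same exposure exists for any script that runs with more privilege than the user who controls its environment, not only a setuid one.

```sh
#!/bin/sh
# Added example (not from the thread): reproduces the PATH attack described
# above and shows the hard-coded-path fix. Everything lives in a temp dir;
# the "system" sshfs and the cracker's sshfs are constructed stubs.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-ins for /usr/bin/sshfs and the cracker's look-alike.
mkdir -p "$WORK/usr/bin" "$WORK/home/cracker"
printf '#!/bin/sh\necho trusted\n' > "$WORK/usr/bin/sshfs"
printf '#!/bin/sh\necho evil\n'    > "$WORK/home/cracker/sshfs"
chmod 755 "$WORK/usr/bin/sshfs" "$WORK/home/cracker/sshfs"

# Step 3 of the answer: the cracker's directory is searched before the system one.
PATH="$WORK/home/cracker:$WORK/usr/bin:$PATH"
export PATH

# Unsafe: SSHFS=$(which sshfs) trusts the caller's PATH. command -v is the
# shell builtin equivalent of which; which itself is an external binary that
# would be looked up through the same poisoned PATH.
resolve_unsafe() {
    command -v sshfs
}

# Fix 1, as recommended above: hard-code the path, and check it is executable
# so a missing binary fails loudly instead of silently falling back to PATH.
SSHFS="$WORK/usr/bin/sshfs"        # on a real system: SSHFS=/usr/bin/sshfs
resolve_hardcoded() {
    [ -x "$SSHFS" ] || { echo "missing: $SSHFS" >&2; return 1; }
    printf '%s\n' "$SSHFS"
}

# Fix 2: reset PATH to a fixed list of system directories before any lookup,
# so a variable is still possible without trusting the inherited environment.
TRUSTED_PATH="$WORK/usr/bin"       # on a real system: /usr/sbin:/usr/bin:/sbin:/bin
resolve_reset_path() {
    ( PATH="$TRUSTED_PATH"; command -v sshfs )
}

# Run whatever each strategy resolved to; the stubs print "evil" or "trusted".
unsafe_result()     { "$(resolve_unsafe)"; }
hardcoded_result()  { "$(resolve_hardcoded)"; }
reset_path_result() { "$(resolve_reset_path)"; }

printf 'which-style lookup ran: %s\n' "$(unsafe_result)"
printf 'hard-coded path ran:    %s\n' "$(hardcoded_result)"
printf 'reset PATH ran:         %s\n' "$(reset_path_result)"
```

Run it as an unprivileged user; no root is needed because the point is only which file the name sshfs resolves to. The -x check in the hard-coded variant matters on a portable script: if a machine keeps sshfs somewhere else, the script should stop and say so rather than letting a later unqualified call wander back into PATH.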
chimeric n00b
Joined: 15 Feb 2007 Posts: 10 Location: Germany
Posted: Mon Mar 26, 2007 5:39 pm
Thanks tuam for your explanation!
Kind Regards