Asked 6 years, 4 months ago. Active 6 years, 4 months ago. Viewed 11k times. Improve this question. Nainita Nainita 2, 9 9 gold badges 31 31 silver badges 44 44 bronze badges. The question is a little all-over-the place, but, based on the "When to use!
Add a comment. Active Oldest Votes. Improve this answer. The Overflow Blog. These days, the name of the interpreter is common. When executable shell scripts were first introduced they honored the suid bit. This was a disaster for security. And the script itself is just:! The script is a single line with no hidden characters.
The shell will ignore it because it is a comment and then exit because there are no other lines. This script is already insecure and is vulnerable to two different attacks. That is what we expected. The shell was quickly modified to accept a single hyphen as the end of switch setting arguments. So we modify our one line script to read:! It might even be considered useful because it makes this attack more noticable with the ps command.
Attack 2: changing the link This one is harder to explain. As before, we make a symbolic link to the script under attack, but this time the name does not matter. Then we run the script via our new symbolic link. Then we quickly change the symbolic link to point to an evil script.
We want to change what the symbolic link points to after the kernel opens it but before the interpreter opens it. This is a race condition and it will not work every time. It also requires a bit of clever programming to pull this one off. But done correctly, we will have our evil script running as root. Suid Scripts Disabled Because it was not possible to write a secure suid shell script, the concept of suid shell scripts was removed from Unix.
Around this time the program sudo was written and this largely oviated the need for suid shell scripts. I don't believe any version of unix released in the past 15 years has these problems. And if I did, I would not have discussed these attacks. By now I hope you can see why many old time system admins such as myself still have a dim view of suid shell scripts. The Return of Suid Scripts Solaris now supports suid shell scripts but it is immune to these attacks. It does this by ensuring that the script is opened only once in the case of a suid script.
If the suid bit is set, Solaris uses the fd filesystem to pass the script to the interpreter. Because the name used is concealed from the intrepreter, there is no harm if that name was something odd like "-i". Because the script is opened one time, there is no harm if a symbolic link is suddenly switched to an evil script.
But note that this finally gets us to a stage where a one line script containing only a comment can be safely run. There can still be other security problems with a poorly written suid script.
If you must use suid shell scripts, here are a few tips: 1. Use ksh Dave Korn analysed all of the attacks on shell scripts and closed as many holes as he could.
In particular, ksh is immune to IFS based attacks. Also if it finds that it is going interactive with an effective uid of root together with a real uid which is not root, it will use its root authority to set the effective uid to the real uid prior to issuing a prompt.
Make the list of directories as short as possible. Do not start or end the list with a colon or have two consecutive colons. And do not put.
Explicitly export PATH. And ensure that every directory mentioned in PATH is writable only by root. You can further protect your script by relying on PATH as little as possible. Again: make the list of directories as short as possible. And then export IFS. While ksh is immune to the IFS attack, some other shells are not immune. Something you do in your script may indirectly invoke another shell.
Make sure that the script is not writable Most versions of unix these days will remove the suid bit on a file as it is being written by a process owned by a user different than the owner of the file. But don't depend on that behavior. Do not execute directly or indirectly any user supplied input You must ensure that user input is never delivered to the shell to interpret as executable code.
If you don't know how to ensure this, then you should not process any user input. Note that the parameters of the script must be considered user input. Be careful if you invoke programs that solicit input from the user Do not invoke programs that allow the user to execute arbitrary programs.
Yes I think it is mandatory that! BCZ it identifies your script as kornel shell script…. Yes, it is mandatory to have! If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. Hope this has given answer to your question. To have any effect, i. When you start your program by!
This is important because if you have commands that are particular to any shell type and if you are not using that shell then the whole script may give strange results or no output. So when UNIX designers designed the shell, they allotted the fist line of your shell to specify which shell you want to use. Now if you write the! The shebang is not always necessary, and it is not necessarily a good thing.
So for your particular system, if you are writing script for Z shell and you have installed only bash then it may generate problem …. Once I was writing a install script, and not included the!
0コメント