Re: Using useshell and security
From: Mark . Burgess
Subject: Re: Using useshell and security
Date: Wed, 1 Aug 2001 14:03:08 +0200 (MET DST)
On 1 Aug, Adrian Phillips wrote:
>
> In the Tutorial there is the following paragraph :-
>
> _`useshell=' in shellcommands_
> There are dangers in starting scripts from programs which run with
> root privileges. Normally, shell commands are started by executing
> them with the help of a `/bin/sh -c' command. The trouble with
> this is that it leaves one open to a variety of attacks. One
> example is fooling the shell into starting foreign programs by
> manipulating the `IFS' variable to treat '/' as a separator. You
> can ask cfengine to start programs directly, without involving an
> intermediary shell, by setting the `useshell' variable to false.
> The disadvantage is that you will not be able to use shell
> directives such as `|' and `>' in your commands.
>
> Doesn't use of a sane environment (removing IFS, CDPATH, BASH_ENV as
> written in CGI Programming with Perl) and PATH (i.e. default to
> /bin:/sbin:/usr/local/bin:/usr/local/sbin) make this "impossible"
> without actually already having root access to the machine ?
>
> I'm thinking with useshell set to false as default, people who want to
> use quick one line shell scripts could then just do "cd <somewhere>;
> do something else" without first having to do "sh -c 'and so on'".
>
> Comments ?
>
> Sincerely,
>
> Adrian Phillips
>
That's not the point. It's about trust. You do not write all the
code you execute. Some things are inherited. There are many ways to
attack a system.
M
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
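
The difference the quoted tutorial paragraph draws between `/bin/sh -c` and direct execution, as an added example that is not part of the original thread and is not cfengine code. The function names and the sample value are assumptions made up for the illustration; it expects `/bin/sh`, `/bin/echo` and `/usr/bin/env` to exist.

```python
import subprocess

# Fixed environment for every child: only PATH is set, so inherited IFS,
# CDPATH, BASH_ENV and the rest never reach it. The PATH value is the one
# suggested in the question above.
CLEAN_ENV = {"PATH": "/bin:/sbin:/usr/local/bin:/usr/local/sbin"}

# Constructed sample: a value the policy author did not write (say, a file
# name picked up from disk) that happens to contain shell syntax.
INHERITED_VALUE = "report.txt; echo SECOND-COMMAND"


def run_via_shell(command_line):
    """Like useshell=true: /bin/sh -c parses the whole string."""
    done = subprocess.run(["/bin/sh", "-c", command_line], env=CLEAN_ENV,
                          capture_output=True, text=True)
    return done.stdout


def run_direct(argv):
    """Like useshell=false: argv is handed to exec() with no parsing."""
    done = subprocess.run(argv, env=CLEAN_ENV, capture_output=True, text=True)
    return done.stdout


def child_env_names():
    """Names of the variables a directly executed child actually sees."""
    out = run_direct(["/usr/bin/env"])
    return {line.split("=", 1)[0] for line in out.splitlines() if "=" in line}


if __name__ == "__main__":
    # Clean environment, yet the shell still splits the value at ';'.
    print(repr(run_via_shell("/bin/echo " + INHERITED_VALUE)))
    # Direct execution: the same value stays one literal argument.
    print(repr(run_direct(["/bin/echo", INHERITED_VALUE])))
    # The cost named in the tutorial: '|' is just another argument.
    print(repr(run_direct(["/bin/echo", "a", "|", "wc", "-c"])))
    print(sorted(child_env_names()))
```

A sanitised environment removes the variable-based tricks, but only direct execution keeps data the caller did not author from being parsed as shell syntax.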