[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-bash] How to test against shell code injection?
From: |
adrelanos |
Subject: |
Re: [Help-bash] How to test against shell code injection? |
Date: |
Wed, 10 Jul 2013 13:47:02 +0000 |
Chris Down:
> On 2013-07-07 23:48, adrelanos wrote:
>> I wrote a server in bash. It handles potentially untrusted input.
>>
>> Do you know some code to test if its safe?
>
> Just like in any other language, you can't just throw code at a problem to
> test
> if something is "safe". The code needs to be reviewed. This totally depends on
> *how* you are handling the input, which you have not specified.
>
> Show the minimum of code that represents your query.
Ok, I am happy to take that offering.
Init script (probable not crucial for remote code execution in this very
case):
https://github.com/Whonix/Whonix/blob/master/whonix_gateway/etc/init.d/controlportfiltd
Starting the server:
https://github.com/Whonix/Whonix/blob/master/whonix_gateway/usr/bin/controlportfilt
Config file:
https://github.com/Whonix/Whonix/blob/master/whonix_gateway/etc/controlportfilt.d/30_controlportfilt_default
The server:
https://github.com/Whonix/Whonix/blob/master/whonix_gateway/usr/lib/whonix/cpf-tcpserver
Helper application:
https://github.com/Whonix/Whonix/blob/master/whonix_shared/usr/bin/tor-ctrl