[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Using useshell and security
From: |
Adrian Phillips |
Subject: |
Using useshell and security |
Date: |
01 Aug 2001 13:58:33 +0200 |
User-agent: |
Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7 |
In the Tutorial there is the following paragraph :-
_`useshell=' in shellcommands_
There are dangers in starting scripts from programs which run with
root privileges. Normally, shell commands are started by executing
them with the help of a `/bin/sh -c' command. The trouble with
this is that it leaves one open to a variety of attacks. One
example is fooling the shell into starting foreign programs by
manipulating the `IFS' variable to treat '/' as a separator. You
can ask cfengine to start programs directly, without involving an
intermediary shell, by setting the `useshell' variable to false.
The disadvantage is that you will not be able to use shell
directives such as `|' and `>' in your commands.
Doesn't use of a sane environment (removing IFS, CDPATH, BASH_ENV as
written in CGI Prorgramming with Perl) and PATH (ie. default to
/bin:/sbin:/usr/local/bin:/usr/local/sbin) make this "impossible"
without actually already having root access to the machine ?
I'm thinking with useshell set to false as default, people who want to
use quick one line shell scripts could then just do "cd <somewhere>;
do something else" without first having to do "sh -c 'and so on'".
Comments ?
Sincerely,
Adrian Phillips
--
Your mouse has moved.
Windows NT must be restarted for the change to take effect.
Reboot now? [OK]
- Using useshell and security,
Adrian Phillips <=