[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Using useshell and security

From: Adrian Phillips
Subject: Using useshell and security
Date: 01 Aug 2001 13:58:33 +0200
User-agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7

In the Tutorial there is the following paragraph :-

_`useshell=' in shellcommands_
     There are dangers in starting scripts from programs which run with
     root privileges. Normally, shell commands are started by executing
     them with the help of a `/bin/sh -c' command. The trouble with
     this is that it leaves one open to a variety of attacks. One
     example is fooling the shell into starting foreign programs by
     manipulating the `IFS' variable to treat '/' as a separator. You
     can ask cfengine to start programs directly, without involving an
     intermediary shell, by setting the `useshell' variable to false.
     The disadvantage is that you will not be able to use shell
     directives such as `|' and `>' in your commands.

Doesn't use of a sane environment (removing IFS, CDPATH, BASH_ENV as
written in CGI Prorgramming with Perl) and PATH (ie. default to
/bin:/sbin:/usr/local/bin:/usr/local/sbin) make this "impossible"
without actually already having root access to the machine ?

I'm thinking with useshell set to false as default, people who want to
use quick one line shell scripts could then just do "cd <somewhere>;
do something else" without first having to do "sh -c 'and so on'".

Comments ?


Adrian Phillips

Your mouse has moved.
Windows NT must be restarted for the change to take effect.
Reboot now?  [OK]

reply via email to

[Prev in Thread] Current Thread [Next in Thread]