[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Using useshell and security

From: Mark . Burgess
Subject: Re: Using useshell and security
Date: Wed, 1 Aug 2001 14:03:08 +0200 (MET DST)

On  1 Aug, Adrian Phillips wrote:
> In the Tutorial there is the following paragraph :-
> _`useshell=' in shellcommands_
>      There are dangers in starting scripts from programs which run with
>      root privileges. Normally, shell commands are started by executing
>      them with the help of a `/bin/sh -c' command. The trouble with
>      this is that it leaves one open to a variety of attacks. One
>      example is fooling the shell into starting foreign programs by
>      manipulating the `IFS' variable to treat '/' as a separator. You
>      can ask cfengine to start programs directly, without involving an
>      intermediary shell, by setting the `useshell' variable to false.
>      The disadvantage is that you will not be able to use shell
>      directives such as `|' and `>' in your commands.
> Doesn't use of a sane environment (removing IFS, CDPATH, BASH_ENV as
> written in CGI Prorgramming with Perl) and PATH (ie. default to
> /bin:/sbin:/usr/local/bin:/usr/local/sbin) make this "impossible"
> without actually already having root access to the machine ?
> I'm thinking with useshell set to false as default, people who want to
> use quick one line shell scripts could then just do "cd <somewhere>;
> do something else" without first having to do "sh -c 'and so on'".
> Comments ?
> Sincerely,
> Adrian Phillips

That's not the point. It's about trust. You do not write all the
code you execute. Somethings are inherited. There are many ways to
attack a system.


Work: +47 22453272            Email:  address@hidden
Fax : +47 22453205            WWW  :

reply via email to

[Prev in Thread] Current Thread [Next in Thread]