Shell security

News	See Also	Recommended Links	Summary of the BASH Debugger	Etc
Restricted Shell	Shell Portability

Linux uses a single shell (bash) for both root account and for users accounts. That creates few additional vulnerabilities but generally is as security as using ksh which is a standard practice on Solaris.

Bash Path Security Gotcha! Playing With Sid

The devil they say is in details, even the simple Bash path variable can open some security problems on your box. Every Bash documentation out there warns us not leave '.' in the path (it matches current directory). They however don't seems to mention that leaving a dangling ':' (colon) at the beginning or the end of Bash $PATH does create the same security vulnerability.
# Standard Bash $PATH 
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games

# Let's get evil, append a colon at the end 
$ export PATH="$PATH:" 

 # Let's check the tainted Bash $PATH 
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:

# Create Trojan application (of sorts)
$ echo "echo foo"> app
$ chmod +x app

# Run the command and Viola! 
$ app
foo

Recommended Links

Bash_vs._Vista_PowerShell

New Whitepaper - "Second-order Code Injection Attacks ...

Stack-based buffer overflows

Detecting Network-based Obfuscated Code Injection Attacks Using ...

Reviewing Code for OS Injection - OWASP

Copyright © 1996-2009 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. Submit comments This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License(OPL). Site uses AdSense so you need to be aware of Google privacy policy. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

Disclaimer:

The statements, views and opinions presented on this web page are those of the author and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with.
We do not warrant the correctness of the information provided or its fitness for any purpose
In no way this site is associated with or endorse cybersquatters using the term "softpanorama" with other main or country domains (e.g. softpanorama.com) with bad faith intent to profit from the goodwill belonging to someone else.

Last modified: August 10, 2009