Re: OT using absolute paths in scripts
Hi Marc, On Sun, Jan 13, 2013 at 07:12:23PM +0100, Marc Espie wrote: On Sun, Jan 13, 2013 at 11:04:08AM -0600, Maximo Pech wrote: They mandate that on all shell scripts we have to use absolute paths for every single command. That does provide ways less security than setting the PATH to a system-only path at the beginning of your script. Can you elaborate on this? From a security point of view only, this looks to me as a draw. If you consider the portability issues then sure, setting PATH is better. Regards, -- Jeremie Le Hen Scientists say the world is made up of Protons, Neutrons and Electrons. They forgot to mention Morons.
Re: OT using absolute paths in scripts
On Mon, Jan 14, 2013 at 1:14 AM, Jeremie Le Hen jere...@le-hen.org wrote: On Sun, Jan 13, 2013 at 07:12:23PM +0100, Marc Espie wrote: On Sun, Jan 13, 2013 at 11:04:08AM -0600, Maximo Pech wrote: They mandate that on all shell scripts we have to use absolute paths for every single command. That does provide ways less security than setting the PATH to a system-only path at the beginning of your script. Can you elaborate on this? From a security point of view only, this looks to me as a draw. If you consider the portability issues then sure, setting PATH is better. You cut out his next paragraph which gives an example of why: Sure, you invoke programs with an absolute path, but have you checked that those programs don't invoke other programs with execvp ? Hard coding depends on you to actually hard code EVERYWHERE, including in paths and commands passed to *other* commands executed from the script that you write. If you screw up and miss one, you lose. Set PATH and you can't miss one. Philip Guenther
Re: [obsd] Re: OT using absolute paths in scripts
On Mon, Jan 14, 2013 at 02:16:24AM -0800, Philip Guenther wrote: On Mon, Jan 14, 2013 at 1:14 AM, Jeremie Le Hen jere...@le-hen.org wrote: On Sun, Jan 13, 2013 at 07:12:23PM +0100, Marc Espie wrote: On Sun, Jan 13, 2013 at 11:04:08AM -0600, Maximo Pech wrote: They mandate that on all shell scripts we have to use absolute paths for every single command. That does provide ways less security than setting the PATH to a system-only path at the beginning of your script. Can you elaborate on this? From a security point of view only, this looks to me as a draw. If you consider the portability issues then sure, setting PATH is better. You cut out his next paragraph which gives an example of why: Sure, you invoke programs with an absolute path, but have you checked that those programs don't invoke other programs with execvp ? Hard coding depends on you to actually hard code EVERYWHERE, including in paths and commands passed to *other* commands executed from the script that you write. If you screw up and miss one, you lose. Set PATH and you can't miss one. Oh yeah, sorry, I didn't notice the p suffix, I just thought of execve(2). Thanks for the clarification. Regards, -- Jeremie Le Hen Scientists say the world is made up of Protons, Neutrons and Electrons. They forgot to mention Morons.
Re: [obsd] Re: OT using absolute paths in scripts
On Mon, Jan 14, 2013 at 11:48:04AM +0100, Jeremie Le Hen wrote: On Mon, Jan 14, 2013 at 02:16:24AM -0800, Philip Guenther wrote: On Mon, Jan 14, 2013 at 1:14 AM, Jeremie Le Hen jere...@le-hen.org wrote: On Sun, Jan 13, 2013 at 07:12:23PM +0100, Marc Espie wrote: On Sun, Jan 13, 2013 at 11:04:08AM -0600, Maximo Pech wrote: They mandate that on all shell scripts we have to use absolute paths for every single command. That does provide ways less security than setting the PATH to a system-only path at the beginning of your script. Can you elaborate on this? From a security point of view only, this looks to me as a draw. If you consider the portability issues then sure, setting PATH is better. You cut out his next paragraph which gives an example of why: Sure, you invoke programs with an absolute path, but have you checked that those programs don't invoke other programs with execvp ? Hard coding depends on you to actually hard code EVERYWHERE, including in paths and commands passed to *other* commands executed from the script that you write. If you screw up and miss one, you lose. Set PATH and you can't miss one. Oh yeah, sorry, I didn't notice the p suffix, I just thought of execve(2). That's security, so every little detail counts. Miss one ? You lose, obviously. ;-)
Re: OT using absolute paths in scripts
On Sun, Jan 13 2013 at 04:11, Maximo Pech wrote: At work, we have an information security area for IT. They mandate that on all shell scripts we have to use absolute paths for every single command. I feel that this does not provide real security and only makes scripts somewhat more painful to write. What's your opinion on this? I saw that technique used, but not for security reasons. Is it the only recomendation they've done or there are others? Because if it is the only one, then you can break through this pretty easily: $ export IFS='/ ' Regards
Re: OT using absolute paths in scripts
On Mon, Jan 14, 2013 at 1:49 PM, Claer cl...@claer.hammock.fr wrote: On Sun, Jan 13 2013 at 04:11, Maximo Pech wrote: At work, we have an information security area for IT. They mandate that on all shell scripts we have to use absolute paths for every single command. I feel that this does not provide real security and only makes scripts somewhat more painful to write. What's your opinion on this? I saw that technique used, but not for security reasons. Is it the only recomendation they've done or there are others? Because if it is the only one, then you can break through this pretty easily: $ export IFS='/ ' POSIX 2.5.3, Shell Variables, IFS: Implementations may ignore the value of IFS in the environment, or the absence of IFS from the environment, at the time the shell is invoked, in which case the shell shall set IFS to space tab newline when it is invoked. may isn't a requirement, but what's a standard if a significant amount of implementations agree on what's right? andres@pote:~/tmp $ IFS=asd bash -c 'echo $IFS' | vis \t\$ \$ andres@pote:~/tmp $ IFS=asd ksh -c 'echo $IFS' | vis \t\$ \$ therefore i conclude that you are talking out of your poopy hole
Re: OT using absolute paths in scripts
Well, If a user's $PATH gets compromised, they may run ~/saltedls instead of /bin/ls... dunno, something like that. If you use variables at the beginning of the script it becomes somewhat less painful.
Re: OT using absolute paths in scripts
On Sun, Jan 13, 2013 at 11:04:08AM -0600, Maximo Pech wrote: At work, we have an information security area for IT. They mandate that on all shell scripts we have to use absolute paths for every single command. I feel that this does not provide real security and only makes scripts somewhat more painful to write. What's your opinion on this? That does provide ways less security than setting the PATH to a system-only path at the beginning of your script. Looks like you've got an intermediate-level shell programmer thinking he knows everything about security. (okay, that was mean). Sure, you invoke programs with an absolute path, but have you checked that those programs don't invoke other programs with execvp ? LOCALE and LANG also come to mind... so does LD_PRELOAD and LD_LIBRARY_PATH just for starters.
Re: OT using absolute paths in scripts
On 01/13/13 12:03, Maximo Pech wrote: At work, we have an information security area for IT. They mandate that on all shell scripts we have to use absolute paths for every single command. I feel that this does not provide real security and only makes scripts somewhat more painful to write. What's your opinion on this? I'm not too impressed by this plan for system scripts. If someone got in to add files to default path...they've already been in your system. They are worried about someone dropping a new perl in /sbin which does something you aren't desiring, but if they can do that, they can generally modify the /usr/bin/perl or similar. It sounds like a lot of modern model security...let 'em in, make their life difficult once they are there (oh, and really annoy administrators in the mean time). pain = security, right? (oh, and difficult can mean make 'em die laughing). Now...if you are talking about scripts that ordinary users are intended to run, slightly different story, as users are relatively easy to trick into changing their $PATH and/or adding things to $HOME/bin... or doing it on their own, and wondering why YOUR script blew up shortly after they installed their own custom 'cp' command, and put it in their path before your silly, boring system 'cp'... Nick.
Re: OT using absolute paths in scripts
On Sun, Jan 13, 2013 at 07:12:23PM +0100, Marc Espie wrote: On Sun, Jan 13, 2013 at 11:04:08AM -0600, Maximo Pech wrote: At work, we have an information security area for IT. They mandate that on all shell scripts we have to use absolute paths for every single command. I feel that this does not provide real security and only makes scripts somewhat more painful to write. What's your opinion on this? That does provide ways less security than setting the PATH to a system-only path at the beginning of your script. Looks like you've got an intermediate-level shell programmer thinking he knows everything about security. (okay, that was mean). Sure, you invoke programs with an absolute path, but have you checked that those programs don't invoke other programs with execvp ? LOCALE and LANG also come to mind... so does LD_PRELOAD and LD_LIBRARY_PATH just for starters. Oh, and there's also the fact that hardcoding paths makes any shell-script WAYS less portable, as the exact paths vary from Unix variant to Unix variant. Why should I have to know whether I'm using /bin/true /usr/bin/true or builtin true ? There are already enough gratuitous incompatibilities between Unix variations.