Re: Ksh Shell script security question.

2007-02-15 Thread Thomas Dickey
On Wed, Feb 14, 2007 at 10:57:12PM -0600, Dan Nelson wrote:
> In the last episode (Feb 14), Dak Ghatikachalam said:
> > I am puzzled how to secure this code when this shell script is
> > being executed.
> >
> > ${ORACLE_HOME}/bin/sqlplus -s <<EOF | tee -a ${RESTOREFILE}
> > connect system/ugo8990d
> > set heading off
> > set feedback off
> > set pagesize 500
> > select 'SCN_TO_USE | '||max(next_change#)   from V\$LOG_HISTORY;
> > quit
> > EOF
> >
> > When I run this code from shell script in /tmp directory it spews
> > file called /tmp/sh03400.000 in that I have this entire code visible.
>
> I bet if you check the permissions you'll find the file has mode 0600,
> which means only the user running the script can read the file (at
> least that's what a test using the pdksh port does on my system).
> ksh93 does have a problem, though: it opens a file and immediately
> unlinks it, but the file is world-readable for a short time.

Doesn't it (ksh93, etc) pay attention to umask?
If it does, the script should use that feature.

> Both ksh variants honor the TMPDIR variable, though, so if you create a
> ~/tmp directory, chmod it so only you can access it, then set
> TMPDIR=~/tmp , you will be secure even if you're using ksh93.

relatively (it's not a given that people haven't opened up ~/tmp)

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net




Re: Ksh Shell script security question.

2007-02-15 Thread Dan Nelson
In the last episode (Feb 15), Thomas Dickey said:
> On Wed, Feb 14, 2007 at 10:57:12PM -0600, Dan Nelson wrote:
> > In the last episode (Feb 14), Dak Ghatikachalam said:
> > > I am puzzled how to secure this code when this shell script is
> > > being executed.
> > >
> > > ${ORACLE_HOME}/bin/sqlplus -s <<EOF | tee -a ${RESTOREFILE}
> > > [...]
> > > EOF
> > >
> > > When I run this code from shell script in /tmp directory it spews
> > > file called /tmp/sh03400.000 in that I have this entire code
> > > visible.
> >
> > I bet if you check the permissions you'll find the file has mode
> > 0600, which means only the user running the script can read the
> > file (at least that's what a test using the pdksh port does on my
> > system).  ksh93 does have a problem, though: it opens a file and
> > immediately unlinks it, but the file is world-readable for a short
> > time.
>
> Doesn't it (ksh93, etc) pay attention to umask?
> If it does, the script should use that feature.

It does honor umask, but I think temp files should be created mode 0600
in all cases.  A person may have a umask of 022 to allow normal files
to be read by group members but still not want them to see
here-document contents.  They may not even realize that their shell is
using tempfiles.  Some shells use pipes (bash and ash do; zsh uses an
0600 tempfile that it immediately unlinks; Solaris sh uses an 0600
tempfile).

> > Both ksh variants honor the TMPDIR variable, though, so if you create a
> > ~/tmp directory, chmod it so only you can access it, then set
> > TMPDIR=~/tmp , you will be secure even if you're using ksh93.
>
> relatively (it's not a given that people haven't opened up ~/tmp)

I think if someone has gone to the trouble of creating a private ~/tmp
directory, they probably know what they're doing and know the
consequences of opening it up.

-- 
Dan Nelson
[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
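
The two mitigations discussed in this thread (umask 077 and a private TMPDIR), combined with a check for the caveat that the directory may have been opened up. This is an added example, not part of any poster's message; the function names and return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): private TMPDIR plus umask 077 for
# scripts whose shell writes here-documents to temp files.

# is_private_dir DIR   (hypothetical helper)
# 0 = real directory, owned by the caller, no group/other permission bits
# 2 = symlink or not a directory, 3 = owned by someone else, 4 = opened up
is_private_dir() {
    d=$1
    if [ -L "$d" ] || [ ! -d "$d" ]; then
        return 2
    fi
    # Numeric long listing: field 1 is the mode string, field 3 the owner uid.
    set -- $(ls -ldn "$d")
    if [ "$3" != "$(id -u)" ]; then
        return 3
    fi
    case $1 in
        d???------*) return 0 ;;   # trailing * tolerates ACL/label markers
        *)           return 4 ;;
    esac
}

# use_private_tmpdir DIR   (hypothetical helper)
# Tighten umask, create DIR with mode 0700 if it is missing, and point TMPDIR
# at it only when it passes is_private_dir. TMPDIR is untouched on failure.
use_private_tmpdir() {
    dir=$1
    umask 077
    if [ ! -e "$dir" ] && [ ! -L "$dir" ]; then
        mkdir -m 700 "$dir" || return 1
    fi
    is_private_dir "$dir" || return $?
    TMPDIR=$dir
    export TMPDIR
}
```

Call `use_private_tmpdir "$HOME/tmp" || exit 1` before the first here-document in the script, so the shell never starts writing temp files into a directory other users can enter.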


Re: Ksh Shell script security question.( SOLVED)

2007-02-15 Thread Dak Ghatikachalam

On 2/15/07, Dan Nelson [EMAIL PROTECTED] wrote:

> In the last episode (Feb 15), Thomas Dickey said:
> > On Wed, Feb 14, 2007 at 10:57:12PM -0600, Dan Nelson wrote:
> > > In the last episode (Feb 14), Dak Ghatikachalam said:
> > > > I am puzzled how to secure this code when this shell script is
> > > > being executed.
> > > >
> > > > ${ORACLE_HOME}/bin/sqlplus -s <<EOF | tee -a ${RESTOREFILE}
> > > > [...]
> > > > EOF
> > > >
> > > > When I run this code from shell script in /tmp directory it spews
> > > > file called /tmp/sh03400.000 in that I have this entire code
> > > > visible.
> > >
> > > I bet if you check the permissions you'll find the file has mode
> > > 0600, which means only the user running the script can read the
> > > file (at least that's what a test using the pdksh port does on my
> > > system).  ksh93 does have a problem, though: it opens a file and
> > > immediately unlinks it, but the file is world-readable for a short
> > > time.
> >
> > Doesn't it (ksh93, etc) pay attention to umask?
> > If it does, the script should use that feature.
>
> It does honor umask, but I think temp files should be created mode 0600
> in all cases.  A person may have a umask of 022 to allow normal files
> to be read by group members but still not want them to see
> here-document contents.  They may not even realize that their shell is
> using tempfiles.  Some shells use pipes (bash and ash do; zsh uses an
> 0600 tempfile that it immediately unlinks; Solaris sh uses an 0600
> tempfile).
>
> > > Both ksh variants honor the TMPDIR variable, though, so if you create a
> > > ~/tmp directory, chmod it so only you can access it, then set
> > > TMPDIR=~/tmp , you will be secure even if you're using ksh93.
> >
> > relatively (it's not a given that people haven't opened up ~/tmp)
>
> I think if someone has gone to the trouble of creating a private ~/tmp
> directory, they probably know what they're doing and know the
> consequences of opening it up.




I appreciate all your responses.

Thanks a lot for insight on unix fundamentals.

The issue I had is solved by doing umask 077 at the start of the script,
so what it did was it created the temporary files with read+write for
owner of the file, and in my process I also create directories while RMAN
backup is being run, so that umask 077 for directory gave rwx for
directories while creation.

This problem I had is solved now, it is secure.

Thanks
Dak




Re: Ksh Shell script security question.

2007-02-15 Thread David Robillard

> I am puzzled how to secure this code when this shell script is
> being executed.
>
> ${ORACLE_HOME}/bin/sqlplus -s <<EOF | tee -a ${RESTOREFILE}
>    connect system/ugo8990d
>    set heading off
>    set feedback off
>    set pagesize 500
>    select 'SCN_TO_USE | '||max(next_change#)   from V\$LOG_HISTORY;
>    quit
> EOF
>
> When I run this code from shell script in /tmp directory it spews
> file called /tmp/sh03400.000 in that I have this entire code visible.


Hi Dak,

The reason you can see the code in ${RESTOREFILE} is because of the
tee command. With `tee -a` you're actually asking to have the code
installed in ${RESTOREFILE}.

Now, one way to secure this is to set a restrictive umask at the start
of the script. For example, setting `umask 0077` will cause your
script to generate files which will only be read/write for the user
who runs the script. But the files will still have your username/passwd
in them.

To remove the username/passwd from the files, may I suggest you change
your code to include the username/passwd into the sqlplus command.
Like this for example:

export ORACLE_SID=your_oracle_sid

sqlplus ${USERNAME}/${PASSWORD} -s <<-EOF | tee -a ${RESTOREFILE}
   set heading off
   set feedback off
   set pagesize 500
   select 'SCN_TO_USE | '||max(next_change#)   from V\$LOG_HISTORY;
   quit
EOF

This will still generate a file, but the username/password won't be
there. Of course, that means you need to hide your credentials in an
encrypted file elsewhere on your machine.
You can then set up code that will check the md5 sum of the password
file and use something like OpenSSL or GPG to encrypt/decrypt the
file.

Have fun,

David
--
David Robillard
UNIX systems administrator  Oracle DBA
CISSP, RHCE  Sun Certified Security Administrator
Montreal: +1 514 966 0122


Ksh Shell script security question.

2007-02-14 Thread Dak Ghatikachalam

Hi Freebsd

I am puzzled how to secure this code when this shell script is being
executed.

${ORACLE_HOME}/bin/sqlplus -s <<EOF | tee -a ${RESTOREFILE}
   connect system/ugo8990d
   set heading off
   set feedback off
   set pagesize 500
   select 'SCN_TO_USE | '||max(next_change#)   from V\$LOG_HISTORY;
   quit
EOF


When I run this code from shell script in /tmp directory it spews file
called /tmp/sh03400.000
in that  I have this entire code visible.

connect system/ugo8990d
set heading off
   set feedback off
   set pagesize 500
   select 'SCN_TO_USE | '||max(next_change#)   from V\$LOG_HISTORY;
   quit

How do I secure that part of code, between
those EOF start and end.

It is just terrible to see the password all shown by the temporary file the
shell creates, just for security reasons I don't want any other users in
the system to view my code which contains the password.

If I have long running sql or large program anything I put in between EOF is
shown by these /tmp/sh* files

Any idea how to secure this

Thanks
Dak


Re: Ksh Shell script security question.

2007-02-14 Thread Dan Nelson
In the last episode (Feb 14), Dak Ghatikachalam said:
> I am puzzled how to secure this code when this shell script is
> being executed.
>
> ${ORACLE_HOME}/bin/sqlplus -s <<EOF | tee -a ${RESTOREFILE}
> connect system/ugo8990d
> set heading off
> set feedback off
> set pagesize 500
> select 'SCN_TO_USE | '||max(next_change#)   from V\$LOG_HISTORY;
> quit
> EOF
>
> When I run this code from shell script in /tmp directory it spews
> file called /tmp/sh03400.000 in that I have this entire code visible.

I bet if you check the permissions you'll find the file has mode 0600,
which means only the user running the script can read the file (at
least that's what a test using the pdksh port does on my system). 
ksh93 does have a problem, though: it opens a file and immediately
unlinks it, but the file is world-readable for a short time.

Both ksh variants honor the TMPDIR variable, though, so if you create a
~/tmp directory, chmod it so only you can access it, then set
TMPDIR=~/tmp , you will be secure even if you're using ksh93.

-- 
Dan Nelson
[EMAIL PROTECTED]