Re: Ksh Shell script security question.
On Wed, Feb 14, 2007 at 10:57:12PM -0600, Dan Nelson wrote:
> In the last episode (Feb 14), Dak Ghatikachalam said:
> > I am puzzled how to secure this code when this shell script is
> > being executed.
> >
> > ${ORACLE_HOME}/bin/sqlplus -s <<EOF | tee -a ${RESTOREFILE}
> > connect system/ugo8990d
> > set heading off
> > set feedback off
> > set pagesize 500
> > select 'SCN_TO_USE | '||max(next_change#) from V\$LOG_HISTORY;
> > quit
> > EOF
> >
> > When I run this code from shell script in /tmp directory it spews
> > file called /tmp/sh03400.000 in that I have this entire code visible.
>
> I bet if you check the permissions you'll find the file has mode 0600,
> which means only the user running the script can read the file (at
> least that's what a test using the pdksh port does on my system).
> ksh93 does have a problem, though: it opens a file and immediately
> unlinks it, but the file is world-readable for a short time.

Doesn't it (ksh93, etc) pay attention to umask? If it does, the script
should use that feature.

> Both ksh variants honor the TMPDIR variable, though, so if you create
> a ~/tmp directory, chmod it so only you can access it, then set
> TMPDIR=~/tmp, you will be secure even if you're using ksh93.

relatively (it's not a given that people haven't opened up ~/tmp)

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
Re: Ksh Shell script security question.
In the last episode (Feb 15), Thomas Dickey said:
> On Wed, Feb 14, 2007 at 10:57:12PM -0600, Dan Nelson wrote:
> > In the last episode (Feb 14), Dak Ghatikachalam said:
> > > I am puzzled how to secure this code when this shell script is
> > > being executed.
> > >
> > > ${ORACLE_HOME}/bin/sqlplus -s <<EOF | tee -a ${RESTOREFILE}
> > > [...]
> > > EOF
> > >
> > > When I run this code from shell script in /tmp directory it spews
> > > file called /tmp/sh03400.000 in that I have this entire code
> > > visible.
> >
> > I bet if you check the permissions you'll find the file has mode
> > 0600, which means only the user running the script can read the file
> > (at least that's what a test using the pdksh port does on my
> > system). ksh93 does have a problem, though: it opens a file and
> > immediately unlinks it, but the file is world-readable for a short
> > time.
>
> Doesn't it (ksh93, etc) pay attention to umask? If it does, the script
> should use that feature.

It does honor umask, but I think temp files should be created mode 0600
in all cases. A person may have a umask of 022 to allow normal files to
be read by group members but still not want them to see here-document
contents. They may not even realize that their shell is using
tempfiles. Some shells use pipes (bash and ash do; zsh uses an 0600
tempfile that it immediately unlinks; Solaris sh uses an 0600 tempfile).

> > Both ksh variants honor the TMPDIR variable, though, so if you
> > create a ~/tmp directory, chmod it so only you can access it, then
> > set TMPDIR=~/tmp, you will be secure even if you're using ksh93.
>
> relatively (it's not a given that people haven't opened up ~/tmp)

I think if someone has gone to the trouble of creating a private ~/tmp
directory, they probably know what they're doing and know the
consequences of opening it up.

--
Dan Nelson

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ksh Shell script security question.( SOLVED)
On 2/15/07, Dan Nelson wrote:
> In the last episode (Feb 15), Thomas Dickey said:
> > On Wed, Feb 14, 2007 at 10:57:12PM -0600, Dan Nelson wrote:
> > > In the last episode (Feb 14), Dak Ghatikachalam said:
> > > > I am puzzled how to secure this code when this shell script is
> > > > being executed.
> > > >
> > > > ${ORACLE_HOME}/bin/sqlplus -s <<EOF | tee -a ${RESTOREFILE}
> > > > [...]
> > > > EOF
> > > >
> > > > When I run this code from shell script in /tmp directory it
> > > > spews file called /tmp/sh03400.000 in that I have this entire
> > > > code visible.
> > >
> > > I bet if you check the permissions you'll find the file has mode
> > > 0600, which means only the user running the script can read the
> > > file (at least that's what a test using the pdksh port does on my
> > > system). ksh93 does have a problem, though: it opens a file and
> > > immediately unlinks it, but the file is world-readable for a
> > > short time.
> >
> > Doesn't it (ksh93, etc) pay attention to umask? If it does, the
> > script should use that feature.
>
> It does honor umask, but I think temp files should be created mode
> 0600 in all cases. A person may have a umask of 022 to allow normal
> files to be read by group members but still not want them to see
> here-document contents. They may not even realize that their shell is
> using tempfiles. Some shells use pipes (bash and ash do; zsh uses an
> 0600 tempfile that it immediately unlinks; Solaris sh uses an 0600
> tempfile).
>
> > > Both ksh variants honor the TMPDIR variable, though, so if you
> > > create a ~/tmp directory, chmod it so only you can access it,
> > > then set TMPDIR=~/tmp, you will be secure even if you're using
> > > ksh93.
> >
> > relatively (it's not a given that people haven't opened up ~/tmp)
>
> I think if someone has gone to the trouble of creating a private
> ~/tmp directory, they probably know what they're doing and know the
> consequences of opening it up.

I appreciate all your responses.
Thanks a lot for the insight on unix fundamentals.

The issue I had is solved by doing umask 077 at the start of the
script, so what it did was it created the temporary files with
read+write for owner of the file, and in my process I also create
directories while RMAN backup is being run, so that umask 077 for
directory gave rwx for directories while creation.

This problem I had is solved now, it is secure.

Thanks
Dak

> --
> Dan Nelson
Re: Ksh Shell script security question.
> I am puzzled how to secure this code when this shell script is
> being executed.
>
> ${ORACLE_HOME}/bin/sqlplus -s <<EOF | tee -a ${RESTOREFILE}
> connect system/ugo8990d
> set heading off
> set feedback off
> set pagesize 500
> select 'SCN_TO_USE | '||max(next_change#) from V\$LOG_HISTORY;
> quit
> EOF
>
> When I run this code from shell script in /tmp directory it spews
> file called /tmp/sh03400.000 in that I have this entire code visible.

Hi Dak,

The reason you can see the code in ${RESTOREFILE} is because of the tee
command. With `tee -a` you're actually asking to have the code installed
in ${RESTOREFILE}.

Now, one way to secure this is to set a restrictive umask at the start
of the script. For example, setting `umask 0077` will cause your script
to generate files which will only be read/write for the user who runs
the script.

But the files will still have your username/passwd in them. To remove
the username/passwd from the files, may I suggest you change your code
to include the username/passwd into the sqlplus command. Like this for
example:

export ORACLE_SID=your_oracle_sid
sqlplus ${USERNAME}/${PASSWORD} -s <<-EOF | tee -a ${RESTOREFILE}
set heading off
set feedback off
set pagesize 500
select 'SCN_TO_USE | '||max(next_change#) from V\$LOG_HISTORY;
quit
EOF

This will still generate a file, but the username/password won't be
there.

Of course, that means you need to hide your credentials in an encrypted
file elsewhere on your machine. You can then set up code that will check
the md5 sum of the password file and use something like OpenSSL or GPG
to encrypt/decrypt the file.

Have fun,

David
--
David Robillard
UNIX systems administrator
Oracle DBA
CISSP, RHCE
Sun Certified Security Administrator
Montreal: +1 514 966 0122
Ksh Shell script security question.
Hi Freebsd

I am puzzled how to secure this code when this shell script is being
executed.

${ORACLE_HOME}/bin/sqlplus -s <<EOF | tee -a ${RESTOREFILE}
connect system/ugo8990d
set heading off
set feedback off
set pagesize 500
select 'SCN_TO_USE | '||max(next_change#) from V\$LOG_HISTORY;
quit
EOF

When I run this code from shell script in /tmp directory it spews file
called /tmp/sh03400.000 in that I have this entire code visible.

connect system/ugo8990d
set heading off
set feedback off
set pagesize 500
select 'SCN_TO_USE | '||max(next_change#) from V\$LOG_HISTORY;
quit

How do I secure that part of code, between those EOF start and end?

It is just terrible to see the password all shown by the temporary file
the shell creates. Just for security reasons I don't want any other
users in the system to view my code which contains the password.

If I have long running sql or large program, anything I put in between
EOF is shown by these /tmp/sh* files.

Any idea how to secure this?

Thanks
Dak
Re: Ksh Shell script security question.
In the last episode (Feb 14), Dak Ghatikachalam said:
> I am puzzled how to secure this code when this shell script is
> being executed.
>
> ${ORACLE_HOME}/bin/sqlplus -s <<EOF | tee -a ${RESTOREFILE}
> connect system/ugo8990d
> set heading off
> set feedback off
> set pagesize 500
> select 'SCN_TO_USE | '||max(next_change#) from V\$LOG_HISTORY;
> quit
> EOF
>
> When I run this code from shell script in /tmp directory it spews
> file called /tmp/sh03400.000 in that I have this entire code visible.

I bet if you check the permissions you'll find the file has mode 0600,
which means only the user running the script can read the file (at
least that's what a test using the pdksh port does on my system).
ksh93 does have a problem, though: it opens a file and immediately
unlinks it, but the file is world-readable for a short time.

Both ksh variants honor the TMPDIR variable, though, so if you create a
~/tmp directory, chmod it so only you can access it, then set
TMPDIR=~/tmp, you will be secure even if you're using ksh93.

--
Dan Nelson
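
As an added example (not part of any poster's message): the private TMPDIR plus `umask 077` setup discussed in this thread, with a check that the directory has not been opened up. The function names are hypothetical, and the demo runs in a constructed scratch directory rather than a real ~/tmp.

```sh
#!/bin/sh
# Added example, not code from the thread; function names are hypothetical.

# Print the ls(1) permission string of a path, e.g. "drwx------".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Succeed only if $1 is a real directory (not a symlink), owned by the
# current user, with no group or other permission bits set.
is_private_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    owner=$(ls -ldn "$1" | awk '{print $3}')   # numeric uid of the owner
    [ "$owner" = "$(id -u)" ] || return 1
    [ "$(mode_of "$1")" = "drwx------" ]
}

# Set umask 077, create $1 if it is missing, refuse it if it has been
# opened up, then export TMPDIR so the shell's temp files land there.
use_private_tmpdir() {
    umask 077
    [ -e "$1" ] || mkdir "$1" || return 1
    if ! is_private_dir "$1"; then
        echo "refusing TMPDIR=$1 (mode $(mode_of "$1"))" >&2
        return 1
    fi
    TMPDIR=$1
    export TMPDIR
}

# Print the mode a new file gets in directory $2 under umask $1.
# Runs in a subshell, so the caller's umask is left alone.
mode_under_umask() {
    ( umask "$1"; f="$2/probe.$$"; : > "$f"; mode_of "$f"; rm -f "$f" )
}

# Demo in a constructed scratch directory; the subshell keeps the umask
# and TMPDIR changes out of the calling shell.
(
    scratch=$(mktemp -d) || exit 1
    echo "umask 022: $(mode_under_umask 022 "$scratch")"
    echo "umask 077: $(mode_under_umask 077 "$scratch")"
    use_private_tmpdir "$scratch/tmp" && echo "private: $(mode_of "$TMPDIR")"
    mkdir "$scratch/open" && chmod 755 "$scratch/open"
    use_private_tmpdir "$scratch/open" || echo "open directory rejected"
    rm -rf "$scratch"
)
```

In a real script, `use_private_tmpdir "$HOME/tmp"` would be called once at the top, before the first here-document is executed.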