[linux_var] Bash and Taint Check
- To: linux_var - LUG di Varese e Provincia Mailing List <talking@ml.linuxvar.it>
- Subject: [linux_var] Bash and Taint Check
- From: Giovanni Orlandi <orlangio@gmail.com>
- Date: Mon, 9 Dec 2013 17:40:29 +0100
Hi everyone,
I need to launch a simple script from apache with sudo.
However, I would not want someone to wreck my server by passing
malicious parameters.
I wanted to know whether the script is safe or whether a taint check should/can be done.
This is the script; obviously apache will have the right to run it with sudo:
#!/bin/bash
iptables -I FORWARD -d "$1" -j ACCEPT
What I expect is that the machine indicated in parameter $1
gets enabled for forwarding. What I would not want is for them to
execute arbitrary commands through straight quotes/backticks.
HELP HELP!
Gio
--
-----------------------------------------------------------------------------------------
Luke 18:5: "Because this widow is so bothersome, I will give her justice,
so that she does not keep coming to pester me".
Nehemiah 8:10: "...this day is consecrated to our Lord; do not
be sad, for the joy of the Lord is your strength".
GSM 345.6050488 / 327.0547392 / 392.0698126 - Fax 06.62204735
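
An allow-list check for the parameter of the script above, added here as an example and not part of the original post. Because "$1" is double-quoted, quotes and backticks in its value are not re-evaluated by the shell; what remains to reject are values beginning with "-" (read by iptables as options), hostnames and CIDR ranges. The function names `valid_ipv4` and `allow_forward` and the `/sbin/iptables` path are assumptions.

```bash
#!/bin/bash
# Added example (not from the original post): allow-list check on $1
# before it reaches iptables. Accepts exactly one dotted-quad IPv4 host.

# valid_ipv4 ADDR -> returns 0 only for a.b.c.d with each octet 0-255,
# no leading zeros, no sign, no prefix length, no hostname.
valid_ipv4() (
    addr=$1
    # Reject empty input and anything outside digits and dots. This also
    # rejects a leading "-" (option injection), "/" (CIDR), whitespace,
    # quotes, backticks and letters (hostnames).
    case $addr in
        ''|*[!0-9.]*) exit 1 ;;
    esac
    # Reject empty fields: leading dot, trailing dot, double dot.
    case $addr in
        .*|*.|*..*) exit 1 ;;
    esac
    set -f            # no globbing while splitting (defensive)
    IFS=.
    set -- $addr      # split into octets
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in
            0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;
            *) exit 1 ;;
        esac
        [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# allow_forward ADDR -> validates, then inserts the rule.
# The absolute path is an assumption; adjust it to the local system.
IPTABLES=/sbin/iptables
allow_forward() {
    if ! valid_ipv4 "$1"; then
        echo "refusing invalid address" >&2
        return 2
    fi
    "$IPTABLES" -I FORWARD -d "$1" -j ACCEPT
}

# Run only when an argument was given, as in the original script.
if [ $# -gt 0 ]; then
    allow_forward "$1"
fi
```

The sudoers entry for apache should name only this script's absolute path, and the caller should pass the address as a separate argument rather than building a shell command string.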