[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [linux_var] Bash e Taint Check

To: linux_var - LUG di Varese e Provincia Mailing List <talking@ml.linuxvar.it>
Subject: Re: [linux_var] Bash e Taint Check
From: Gianni Carabelli <giannicarabelli@gmail.com>
Date: Mon, 09 Dec 2013 18:14:16 +0100
Authentication-results: linuxvar.it; dkim=pass (2048-bit key; insecure key) header.i=@gmail.com; dkim-adsp=pass
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ml.linuxvar.it; s=mail; t=1386609280; bh=1CIq4JqaoVy2AzrN01JTpGFrzLV3ND/rNFJ0unF32B8=; h=Date:From:MIME-Version:To:References:In-Reply-To:Subject:Reply-To: List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help: List-Subscribe:Content-Type:Content-Transfer-Encoding:Sender; z=Received:=20from=20mail-ea0-f172.google.com=20(mail-ea0-f172.goog le.com=0D=0A=09[209.85.215.172])=20by=20linuxvar.it=20(Postfix)=20 with=20ESMTPS=20id=20D50083C155A=0D=0A=09for=20<talking@ml.linuxva r.it>=3B=20Mon,=20=209=20Dec=202013=2018:14:18=20+0100=20(CET)|Aut hentication-Results:=20linuxvar.it=3B=20dkim=3Dpass=20(2048-bit=20 key=3B=20insecure=20key)=0D=0A=09header.i=3D@gmail.com=3B=20dkim-a dsp=3Dpass|Received:=20by=20mail-ea0-f172.google.com=20with=20SMTP =20id=20q10so1717235ead.17=0D=0A=09for=20<talking@ml.linuxvar.it>= 3B=20Mon,=2009=20Dec=202013=2009:14:18=20-0800=20(PST)|DKIM-Signat ure:=20v=3D1=3B=20a=3Drsa-sha256=3B=20c=3Drelaxed/relaxed=3B=20d=3 Dgmail.com=3B=20s=3D20120113=3B=0D=0A=09h=3Dmessage-id:date:from:u ser-agent:mime-version:to:subject:references=0D=0A=09:in-reply-to: content-type:content-transfer-encoding=3B=0D=0A=09bh=3D3vrYblLFtPV b+FEJ4ojmxgaiBEOU4WS/GXWqeYqvDmA=3D=3B=0D=0A=09b=3DVj/mVRg9oefJlr1 KZ7qF1P3rgbCgI792jppTnN+cHqNn3gz0PKkPbUnULqUIZcUeN5=0D=0A=09ckdQ+y Dgko8IzgJwx6B3DiRJUNp1dJYGqmCps0By7J9Q0ciVq6pxvk0/4GY2a92Y7M5J=0D= 0A=09JiE+3DJhgdKVwU4TXBKsQ5sM5gMTbvSdJnvDkZys5hFvCtjL4i0TNJ0lUrc1M 8k0VSAA=0D=0A=09KsdDiwSzd5FBQyCjxZQYffFqtKLAipTP/RCM/OsR/Zguf90dST pvqoDijY0j+Rn5FZkO=0D=0A=09z9dmsARmfVmjp4hOAlPQfQtDtNLUaXRR45ntTcJ MtK9es+CozypD7bSFTylEbHlA42Tf=0D=0A=094SGQ=3D=3D|X-Received:=20by= 2010.14.193.132=20with=20SMTP=20id=20k4mr31734567een.55.1386609257 915=3B=0D=0A=09Mon,=2009=20Dec=202013=2009:14:17=20-0800=20(PST)|R eceived:=20from=20[192.168.74.71]=20(noc.ants.eu.=20[37.59.88.20]) =0D=0A=09by=20mx.google.com=20with=20ESMTPSA=20id=20a45sm31001449e em.6.2013.12.09.09.14.17=0D=0A=09for=20<talking@ml.linuxvar.it>=0D =0A=09(version=3DTLSv1=20cipher=3DECDHE-RSA-RC4-SHA=20bits=3D128/1 28)=3B=0D=0A=09Mon,=2009=20Dec=202013=2009:14:17=20-0800=20(PST)|D ate:=20Mon,=2009=20Dec=202013=2018:14:16=20+0100|From:=20Gianni=20 Carabelli=20<giannicarabelli@gmail.com>|User-Agent:=20Mozilla/5.0= 20(X11=3B=20Linux=20x86_64=3B=0D=0A=09rv:10.0.12)=20Gecko/20130116 =20Icedove/10.0.12|MIME-Version:=201.0|To:=20linux_var=20-=20LUG=2 0di=20Varese=20e=20Provincia=20Mailing=20List=20<talking@ml.linuxv ar.it>|References:=20<CAGod1SBWEX7YU85sC=3Deq0gS5MJb0fD1UA-Ze0=3DH 4Do40i87poA@mail.gmail.com>|In-Reply-To:=20<CAGod1SBWEX7YU85sC=3De q0gS5MJb0fD1UA-Ze0=3DH4Do40i87poA@mail.gmail.com>|Subject:=20Re:=2 0[linux_var]=20Bash=20e=20Taint=20Check|X-BeenThere:=20talking@ml. linuxvar.it|X-Mailman-Version:=202.1.13|Precedence:=20list|Reply-T o:=20linux_var=20-=20LUG=20di=20Varese=20e=20Provincia=20Mailing=2 0List=0D=0A=09<talking@ml.linuxvar.it>|List-Id:=20linux_var=20-=20 LUG=20di=20Varese=20e=20Provincia=20Mailing=20List=0D=0A=09<talkin g.ml.linuxvar.it>|List-Unsubscribe:=20<http://ml.linuxvar.it/cgi-b in/mailman/options/talking>,=0D=0A=09<mailto:talking-request@ml.li nuxvar.it?subject=3Dunsubscribe>|List-Archive:=20<http://ml.linuxv ar.it/pipermail/talking>|List-Post:=20<mailto:talking@ml.linuxvar. it>|List-Help:=20<mailto:talking-request@ml.linuxvar.it?subject=3D help>|List-Subscribe:=20<http://ml.linuxvar.it/cgi-bin/mailman/lis tinfo/talking>,=0D=0A=09<mailto:talking-request@ml.linuxvar.it?sub ject=3Dsubscribe>|Content-Type:=20text/plain=3B=20charset=3D"iso-8 859-1"|Content-Transfer-Encoding:=20quoted-printable|Sender:=20tal king-bounces@ml.linuxvar.it|Errors-To:=20talking-bounces@ml.linuxv ar.it; b=CQHocqqdakuRLKF/iPsjEqAHbqCMQdQZJO1Vd5IuJpYTWjw7WPR5rqCLeP+fSFJZ0 7MLtFKV/UvfmDVSOeG3iS9Lg4Hjn3crb3S4FRC5XPP6MAWpGtil1FrdYTxetAsb5xg DB80dbmpI/vrig+TDRqBRcpW9BBJ0zOOc0PDD3V4=
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=3vrYblLFtPVb+FEJ4ojmxgaiBEOU4WS/GXWqeYqvDmA=; b=Vj/mVRg9oefJlr1KZ7qF1P3rgbCgI792jppTnN+cHqNn3gz0PKkPbUnULqUIZcUeN5 ckdQ+yDgko8IzgJwx6B3DiRJUNp1dJYGqmCps0By7J9Q0ciVq6pxvk0/4GY2a92Y7M5J JiE+3DJhgdKVwU4TXBKsQ5sM5gMTbvSdJnvDkZys5hFvCtjL4i0TNJ0lUrc1M8k0VSAA KsdDiwSzd5FBQyCjxZQYffFqtKLAipTP/RCM/OsR/Zguf90dSTpvqoDijY0j+Rn5FZkO z9dmsARmfVmjp4hOAlPQfQtDtNLUaXRR45ntTcJMtK9es+CozypD7bSFTylEbHlA42Tf 4SGQ==
In-reply-to: <CAGod1SBWEX7YU85sC=eq0gS5MJb0fD1UA-Ze0=H4Do40i87poA@mail.gmail.com>
List-archive: <http://ml.linuxvar.it/pipermail/talking>
List-help: <mailto:talking-request@ml.linuxvar.it?subject=help>
List-id: linux_var - LUG di Varese e Provincia Mailing List <talking.ml.linuxvar.it>
List-post: <mailto:talking@ml.linuxvar.it>
List-subscribe: <http://ml.linuxvar.it/cgi-bin/mailman/listinfo/talking>, <mailto:talking-request@ml.linuxvar.it?subject=subscribe>
List-unsubscribe: <http://ml.linuxvar.it/cgi-bin/mailman/options/talking>, <mailto:talking-request@ml.linuxvar.it?subject=unsubscribe>
References: <CAGod1SBWEX7YU85sC=eq0gS5MJb0fD1UA-Ze0=H4Do40i87poA@mail.gmail.com>
Reply-to: linux_var - LUG di Varese e Provincia Mailing List <talking@ml.linuxvar.it>
Sender: talking-bounces@ml.linuxvar.it
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130116 Icedove/10.0.12

On 12/09/2013 05:40 PM, Giovanni Orlandi wrote:
> Ciao a tutti,
> 
> devo lanciare un semplice script da apache con sudo.
> Pero' non vorrei che passando i parametri in maniera malevola mi
> fragassero il server.
> Volevo sapere se lo script e' sicuro o se si deve/puo' fare un taint check.
> 
> Questo e' lo script, ovviamente apache avra' il diritto di eseguirlo con sudo:
> 
> #!/bin/bash
> 
> iptables -I FORWARD -d "$1" -j ACCEPT
> 
> Quello che mi aspetto e' che la macchina indicata nel parametro $1
> venga abilitata al forward. Quello che non vorrei è che attraverso
> apici dritti/rovesciati mi eseguano comandi arbitrari.
> 
> AIUTO AIUTO !
> 
> Gio
> 
> 

Non è abbastanza.
Anzitutto io penserei al contrario.. dai ad apache l'utilizzo di *solo*
iptables come root.

altre cose le trovi qui:

https://www.golemtechnologies.com/articles/shell-injection


JohnnyRun
_______________________________________________
Talking mailing list
Talking@ml.linuxvar.it
http://ml.linuxvar.it/cgi-bin/mailman/listinfo/talking

Follow-Ups:
- Re: [linux_var] Bash e Taint Check
  - From: Giovanni Orlandi <orlangio@gmail.com>

References:
- [linux_var] Bash e Taint Check
  - From: Giovanni Orlandi <orlangio@gmail.com>

Prev by Date: Re: [linux_var] Serverino
Next by Date: Re: [linux_var] Bash e Taint Check
Previous by thread: [linux_var] Bash e Taint Check
Next by thread: Re: [linux_var] Bash e Taint Check
Index(es):
- Date
- Thread