[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [linux_var] Bash e Taint Check

To: linux_var - LUG di Varese e Provincia Mailing List <talking@ml.linuxvar.it>
Subject: Re: [linux_var] Bash e Taint Check
From: Giovanni Orlandi <orlangio@gmail.com>
Date: Mon, 9 Dec 2013 18:28:47 +0100
Authentication-results: linuxvar.it; dkim=pass (2048-bit key; insecure key) header.i=@gmail.com; dkim-adsp=pass
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ml.linuxvar.it; s=mail; t=1386610154; bh=VtVwgWwjCBjRk+tDN390PGlCgIaaDjCc0xamYE/iYxI=; h=MIME-Version:In-Reply-To:References:Date:From:To:Subject:Reply-To: List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help: List-Subscribe:Content-Type:Content-Transfer-Encoding:Sender; z=Received:=20from=20mail-wi0-f175.google.com=20(mail-wi0-f175.goog le.com=0D=0A=09[209.85.212.175])=20by=20linuxvar.it=20(Postfix)=20 with=20ESMTPS=20id=20463B13C3370=0D=0A=09for=20<talking@ml.linuxva r.it>=3B=20Mon,=20=209=20Dec=202013=2018:28:47=20+0100=20(CET)|Aut hentication-Results:=20linuxvar.it=3B=20dkim=3Dpass=20(2048-bit=20 key=3B=20insecure=20key)=0D=0A=09header.i=3D@gmail.com=3B=20dkim-a dsp=3Dpass|Received:=20by=20mail-wi0-f175.google.com=20with=20SMTP =20id=20hi5so4147478wib.14=0D=0A=09for=20<talking@ml.linuxvar.it>= 3B=20Mon,=2009=20Dec=202013=2009:28:47=20-0800=20(PST)|DKIM-Signat ure:=20v=3D1=3B=20a=3Drsa-sha256=3B=20c=3Drelaxed/relaxed=3B=20d=3 Dgmail.com=3B=20s=3D20120113=3B=0D=0A=09h=3Dmime-version:in-reply- to:references:date:message-id:subject:from:to=0D=0A=09:content-typ e:content-transfer-encoding=3B=0D=0A=09bh=3DNgbLUMogQk+FXO0tSTkxZb v0xI7Go/T1W9mkhNdK6SE=3D=3B=0D=0A=09b=3Dj0ljw0t9BIdcJJAlluJvHVNPz+ C9LqHrQL/v17NFmC+WQtxBCzWo3hGkegrG1zSNE0=0D=0A=09LLTRdQIkXdHaA0XoK 7C34ZDnZE8xvnZX+kmh0rb97+k5o2TfeCJYWlt70jugFsuZ0ZoX=0D=0A=093snASI yGPmJ/AkfhVUmRDpPVBX/eTBKF6U4QBNWFTUzHXgkIgY1M6xUGLCHxaicnggqu=0D= 0A=09w2SaGGArZzkZgUnQdW89JDKvtWzB4dr7osVDvvwU3XJOJkEwFMBCFTkrrqMJ3 6CwzNMy=0D=0A=09vD8iJ4LU+bemumZWzNN+6RbmEdN8SM/PQoW/GqzcSNfgNyWKi5 RhwGNJoDaHu6rIxPi/=0D=0A=09qxew=3D=3D|MIME-Version:=201.0|X-Receiv ed:=20by=2010.194.240.129=20with=20SMTP=20id=20wa1mr17008723wjc.31 .1386610127482=3B=20=0D=0A=09Mon,=2009=20Dec=202013=2009:28:47=20- 0800=20(PST)|Received:=20by=2010.194.83.232=20with=20HTTP=3B=20Mon ,=209=20Dec=202013=2009:28:47=20-0800=20(PST)|In-Reply-To:=20<52A5 FA68.50609@gmail.com>|References:=20<CAGod1SBWEX7YU85sC=3Deq0gS5MJ b0fD1UA-Ze0=3DH4Do40i87poA@mail.gmail.com>=0D=0A=09<52A5FA68.50609 @gmail.com>|Date:=20Mon,=209=20Dec=202013=2018:28:47=20+0100|From: =20Giovanni=20Orlandi=20<orlangio@gmail.com>|To:=20linux_var=20-=2 0LUG=20di=20Varese=20e=20Provincia=20Mailing=20List=20<talking@ml. linuxvar.it>|Subject:=20Re:=20[linux_var]=20Bash=20e=20Taint=20Che ck|X-BeenThere:=20talking@ml.linuxvar.it|X-Mailman-Version:=202.1. 13|Precedence:=20list|Reply-To:=20linux_var=20-=20LUG=20di=20Vares e=20e=20Provincia=20Mailing=20List=0D=0A=09<talking@ml.linuxvar.it >|List-Id:=20linux_var=20-=20LUG=20di=20Varese=20e=20Provincia=20M ailing=20List=0D=0A=09<talking.ml.linuxvar.it>|List-Unsubscribe:=2 0<http://ml.linuxvar.it/cgi-bin/mailman/options/talking>,=0D=0A=09 <mailto:talking-request@ml.linuxvar.it?subject=3Dunsubscribe>|List -Archive:=20<http://ml.linuxvar.it/pipermail/talking>|List-Post:=2 0<mailto:talking@ml.linuxvar.it>|List-Help:=20<mailto:talking-requ est@ml.linuxvar.it?subject=3Dhelp>|List-Subscribe:=20<http://ml.li nuxvar.it/cgi-bin/mailman/listinfo/talking>,=0D=0A=09<mailto:talki ng-request@ml.linuxvar.it?subject=3Dsubscribe>|Content-Type:=20tex t/plain=3B=20charset=3D"iso-8859-1"|Content-Transfer-Encoding:=20q uoted-printable|Sender:=20talking-bounces@ml.linuxvar.it|Errors-To :=20talking-bounces@ml.linuxvar.it; b=QQPGt+fLAgnBa02GtcsR1jFcQujy4/A2hBRCvqXx7VEzCV2tCsUdWouoQ7uWHrDTO 97riE7izSgnGo8ris7HeP5jYx7cxstRsA67TV6+ajgwzsoE3LvByQAAM3D6Ov6FSCF GtM2gaTgq8B+law8NDqAOG9nwtZiMG3DgcKaXmtI=
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=NgbLUMogQk+FXO0tSTkxZbv0xI7Go/T1W9mkhNdK6SE=; b=j0ljw0t9BIdcJJAlluJvHVNPz+C9LqHrQL/v17NFmC+WQtxBCzWo3hGkegrG1zSNE0 LLTRdQIkXdHaA0XoK7C34ZDnZE8xvnZX+kmh0rb97+k5o2TfeCJYWlt70jugFsuZ0ZoX 3snASIyGPmJ/AkfhVUmRDpPVBX/eTBKF6U4QBNWFTUzHXgkIgY1M6xUGLCHxaicnggqu w2SaGGArZzkZgUnQdW89JDKvtWzB4dr7osVDvvwU3XJOJkEwFMBCFTkrrqMJ36CwzNMy vD8iJ4LU+bemumZWzNN+6RbmEdN8SM/PQoW/GqzcSNfgNyWKi5RhwGNJoDaHu6rIxPi/ qxew==
In-reply-to: <52A5FA68.50609@gmail.com>
List-archive: <http://ml.linuxvar.it/pipermail/talking>
List-help: <mailto:talking-request@ml.linuxvar.it?subject=help>
List-id: linux_var - LUG di Varese e Provincia Mailing List <talking.ml.linuxvar.it>
List-post: <mailto:talking@ml.linuxvar.it>
List-subscribe: <http://ml.linuxvar.it/cgi-bin/mailman/listinfo/talking>, <mailto:talking-request@ml.linuxvar.it?subject=subscribe>
List-unsubscribe: <http://ml.linuxvar.it/cgi-bin/mailman/options/talking>, <mailto:talking-request@ml.linuxvar.it?subject=unsubscribe>
References: <CAGod1SBWEX7YU85sC=eq0gS5MJb0fD1UA-Ze0=H4Do40i87poA@mail.gmail.com> <52A5FA68.50609@gmail.com>
Reply-to: linux_var - LUG di Varese e Provincia Mailing List <talking@ml.linuxvar.it>
Sender: talking-bounces@ml.linuxvar.it

ma iptables mi sembrerebbe comunque tanto, metti che mi fanno redirect
/ DNAT / MASQUERADE / etc...
sai quanto si possono divertire con solo "iptables"

NOTA: la macchina ha ip_forward abilitato


Il 09 dicembre 2013 18:14, Gianni Carabelli
<giannicarabelli@gmail.com> ha scritto:
> On 12/09/2013 05:40 PM, Giovanni Orlandi wrote:
>> Ciao a tutti,
>>
>> devo lanciare un semplice script da apache con sudo.
>> Pero' non vorrei che passando i parametri in maniera malevola mi
>> fragassero il server.
>> Volevo sapere se lo script e' sicuro o se si deve/puo' fare un taint check.
>>
>> Questo e' lo script, ovviamente apache avra' il diritto di eseguirlo con sudo:
>>
>> #!/bin/bash
>>
>> iptables -I FORWARD -d "$1" -j ACCEPT
>>
>> Quello che mi aspetto e' che la macchina indicata nel parametro $1
>> venga abilitata al forward. Quello che non vorrei è che attraverso
>> apici dritti/rovesciati mi eseguano comandi arbitrari.
>>
>> AIUTO AIUTO !
>>
>> Gio
>>
>>
>
> Non è abbastanza.
> Anzitutto io penserei al contrario.. dai ad apache l'utilizzo di *solo*
> iptables come root.
>
> altre cose le trovi qui:
>
> https://www.golemtechnologies.com/articles/shell-injection
>
>
> JohnnyRun
> _______________________________________________
> Talking mailing list
> Talking@ml.linuxvar.it
> http://ml.linuxvar.it/cgi-bin/mailman/listinfo/talking



-- 
-----------------------------------------------------------------------------------------
Luca 18,5 : "Poiché questa vedova è così molesta le farò giustizia,
perché non venga continuamente a importunarmi".
Neemia 8,10 : "...questo giorno è consacrato al nostro Signore; non
siate tristi; perché la gioia del Signore è la vostra forza".
GSM 345.6050488 / 327.0547392 / 392.0698126 - Fax 06.62204735
_______________________________________________
Talking mailing list
Talking@ml.linuxvar.it
http://ml.linuxvar.it/cgi-bin/mailman/listinfo/talking

References:
- [linux_var] Bash e Taint Check
  - From: Giovanni Orlandi <orlangio@gmail.com>
- Re: [linux_var] Bash e Taint Check
  - From: Gianni Carabelli <giannicarabelli@gmail.com>

Prev by Date: Re: [linux_var] Bash e Taint Check
Next by Date: Re: [linux_var] Serverino
Previous by thread: Re: [linux_var] Bash e Taint Check
Next by thread: Re: [linux_var] Bash e Taint Check
Index(es):
- Date
- Thread