|
From: | admin |
Subject: | Re: Potential Bash Script Vulnerability |
Date: | Mon, 08 Apr 2024 14:23:18 +0300 |
User-agent: | Roundcube Webmail/1.6.0 |
On 2024-04-08 14:02, Greg Wooledge wrote:
On Mon, Apr 08, 2024 at 12:40:55PM +0700, Robert Elz wrote:or perhaps better just: main() { ... } ; main "$@"You'd want to add an "exit" as well, to protect against new lines of code being appended to the script.
Yes that is correct. it's far easier to add new lines then to edit the content unnoticed, since you would have to know where you can insert or replace something, eg. a comment.
Btw wouldn't it be possible (and worth) temporarily revoking write access to the user while it's being executed as root, and restoring original rights after execution? The problem isn't really how it's executed, but that it's writable during execution... This could of course leave the temporary rights if the process is killed...
Tibor
[Prev in Thread] | Current Thread | [Next in Thread] |