Which script (was Re: comp.unix.questions)
Dr A. N. Walker
anw at maths.nott.ac.uk
Wed Sep 19 03:07:08 AEST 1990
In article <572 at DIALix.UUCP> bernie at DIALix.oz.au (Bernd Felsche) writes:
[re my comment that any script that determines how it was called is
easily spoofed]
>IMHO: Your shell is broken. Not my script. On all the real bourne
>shells I've tested this on (two so far) the results are dependent on
>the _environment_ PATH setting.
>
>Your shell is not using PATH as set in the environment, only its
>internal working space value.

Well, our PDP 11 is now deceased, so I can't run a *real*
Bourne shell [the one in pseudo Algol] without compiling up the source,
but I think you have misunderstood "my" result. Sorry if this was
caused by lack of clarity in the original; let me try again.

Suppose I am running a shell [A], and invoke a sub-shell [B].
In B, I set "PATH=/something/or/other", without exporting it. This
PATH is now used to find commands. I invoke a shell script "spoof".
This script is run with $0 set to "spoof", but it does *not* inherit
PATH from B. Thus "spoof" is actually "/something/or/other/spoof",
but there is nothing in the environment *of "spoof"* that enables it
to recover this information. In the shells instantly available to me,
PATH is in fact inherited from A, so anything that *"spoof"* does to
discover how it was called is likely to be wrong, depending on the
ingenuity of the PATH setting in A.

By working slightly harder (eg, writing a C program), "spoof"
can be supplied with whatever $0 and PATH (or anything else in the
environment, such as IFS) a bad guy likes. Thus, any shell script
that includes code like

	case $0 in
		foo) some command
	esac

is insecure. Of course, code that searches "$PATH" is perfectly OK
for run-of-the-mill utility scripts, where only the caller is hurt
if the script does something unexpected.
--
Andy Walker, Maths Dept., Nott'm Univ., UK.
anw at maths.nott.ac.uk
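
Added example (not part of the original post): a script using the $0 / $PATH pattern discussed above, run under a name and PATH chosen by its caller, beside a counterpart that fixes PATH itself, which is common hardening practice rather than something the post prescribes. The temp directories, the "special"/"ordinary" roles, the "hardened" script and the invoke helper are all hypothetical; env is used to stand in for the non-exported PATH case, since current shells re-export an inherited PATH.

```shell
#!/bin/sh
# Added demo; every path is constructed inside a throwaway temp directory.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/real" "$demo/decoy"

# Pattern from the post: branch on $0, then search the inherited $PATH to
# work out where the script was found.
cat > "$demo/real/spoof" <<'EOF'
case $0 in
    foo) role=special ;;
    *)   role=ordinary ;;
esac
found=unknown
IFS=:
for d in $PATH; do
    if [ -f "$d/$0" ]; then found=$d; break; fi
done
echo "$role $found"
EOF

# Counterpart: PATH and IFS are set by the script, and no decision is
# based on $0, so neither value supplied by the caller matters.
cat > "$demo/real/hardened" <<'EOF'
PATH=/usr/bin:/bin
export PATH
unset IFS
echo "ordinary $PATH"
EOF

ln -s spoof "$demo/real/foo"                     # second name, same script
: > "$demo/decoy/spoof"; : > "$demo/decoy/foo"   # constructed decoy files

# invoke NAME PATHVALUE: run the file NAME from the real directory so that
# $0 is NAME and the environment PATH is PATHVALUE, both chosen by the caller.
invoke() {
    (cd "$demo/real" && env PATH="$2" /bin/sh "$1")
}

echo "spoof, PATH=real     -> $(invoke spoof "$demo/real")"
echo "foo,   PATH=decoy    -> $(invoke foo "$demo/decoy")"
echo "hardened, PATH=decoy -> $(invoke hardened "$demo/decoy")"
```

The second line of output reports the "special" role and the decoy directory, although the file that ran is the same one in the real directory.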