All Questions
Tagged with shell-script security
51 questions
0
votes
1
answer
133
views
How to properly make eval safe?
I'm writing a shell script that changes its behavior based on the number of positional parameters passed
script.sh
if [ $# -eq 1 ]; then
if [ -f "$1" ]; then
validate='validate <&...
2
votes
2
answers
2k
views
Bash scripting: Last line - "exit" - necessary?
another basic, innocent question:
When you make a bash script, you could close it with, you could type in as last line
of the script, exit,
echo "Hello world!"
exit
, is it advised, should ...
- 213
0
votes
2
answers
719
views
Run shellcode as root in a buffer overflow attack?
I'm trying to exploit the following code:
#include <stdio.h>
#include <string.h>
int main(int argc, char** argv){
char buffer[100];
strcpy(buffer, argv[1]);
return 0;
}
with ...
- 15
0
votes
2
answers
1k
views
Triggering "Reset Password" option in macOS Ventura for a specific account from the command line
I ran this command first to open the "Users and Groups" preferences on macOS Ventura:
open /System/Library/PreferencePanes/Accounts.prefPane
Next, I want to run a command that triggers the &...
- 11
0
votes
0
answers
27
views
Sourcing variables from a script file without executing code from that file [duplicate]
There are cases where a (Bash) script will need to import shell variables from another (untrusted?) script file.
For example:
#!/usr/bin/env bash
. /etc/lsb-release
#
#... make use of the contents of ...
- 618
0
votes
2
answers
135
views
Running a script when a particular command is run
I want to run "./dothis.sh" if someone executes "cat abc.txt"
Is there some way to do this without using alias?
I want to use this for strengthening security of some specific files ...
- 1
1
vote
1
answer
555
views
Generating more secure password with random-generated salt periodically?
Is there way to make passwords even more secure for ie.using schecluded Bash Script to change randomly-generated salt for the users' passwords for ie. two times per month without regular and ordinary ...
- 111
2
votes
0
answers
2k
views
Why would reading a passphrase from STDIN be disallowed but not from a PTY or argument?
I have a program that receives a secret passphrase. The options I have are to type it in manually on the terminal or to provide it as a command line argument. This makes it hard to automate in a ...
- 121
-2
votes
1
answer
1k
views
Passing an executable command using USER environmental variable
Is it possible to pass some executable shell code by setting env USER=..some code... ./script.sh, given that the script itself either uses echo $USER or tmpdir=/var/tmp/log-$USER
- 103
7
votes
1
answer
2k
views
Running script line by line automatically yet being asked before each line from second line onwards
I work on a script of about 20 lines which I find myself testing time and again by copy-pasting and executing line by line.
Instead of copying-pasting each line and hitting Enter to execute, I would ...
user149572
0
votes
2
answers
2k
views
How insecure is it passing a password to curl via cat
I have a script which executes curl many times.
I'd like to enter my password only once (so I don't want curl to ask for it on every execution).
I don't want the password to appear in process list or ...
2
votes
1
answer
2k
views
How to provide OAuth2 "Client ID" and "Client Secret" to an open-source bash script?
I was writing a bash script for Gmail that would authorize itself using OAuth2, and make API calls using the received tokens. It worked.
But now I'm stuck on thinking how to securely store the Client ...
- 329
0
votes
1
answer
258
views
How can I use the contents of a file, and each line of another file as arguments in a bash script, for a command line tool?
I have viewed the other questions which, were helpful, but do not answer my problem.
I am trying to write a script that can assist me with college work*. I have a file containing a hash which through, ...
4
votes
2
answers
505
views
Potential workaround to inotifywait can't produce NUL-delimited output
I'm currently writing a bash script that uses inotifywait to perform certain actions on a user-supplied list of files and directories.
It has come to my attention that unlike a lot of shell tools, ...
- 8,867
5
votes
1
answer
24k
views
CURL request using .netrc file
I am trying to write a script which is saving the credentials to a .netrc file and then it is reading from the file in order to pass them to a curl command and saves the returned cookie file for ...
- 860