Avoiding Common Security Problems
Problem
You want to avoid common security problems in your scripting.
Solution
Validate all external input, including interactive input and that
from configuration files and interactive use. In particular, never
eval input that you have not checked
very thoroughly.
Use secure temporary files, ideally in secure temporary directories.
Make sure you are using trusted external executables.
Discussion
In a way, this recipe barely scratches the surface of scripting and system security. Yet it also covers the most common security problems you’ll find.
Data validation, or rather the lack of it, is a huge deal in computer
security right now. This is the problem that leads to buffer overflows, which are by far the most common class
of exploit going around. bash doesn’t suffer from
this issue in the same way that C does, but the concepts are the same.
In the bash world it’s more likely that unvalidated
input will contain something like ;rm-rf/ than a buffer over-flow; however,
neither is welcome. Validate your data!
Race conditions are another big issue, closely tied to the problem of an attacker gaining an ability to write over unexpected files. A race condition exists when two or more separate events must occur in the correct order at the correct time without external interference. They often result in providing an unprivileged user with read and/or write access to files they shouldn’t be able to access, which in turn can result in so-called privilege escalation, ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access