From O_MAYEXEC to trusted_for()

Posted Oct 2, 2020 8:38 UTC (Fri) by richiejp (guest, #111135)
In reply to: From O_MAYEXEC to trusted_for() by zarak
Parent article: From O_MAYEXEC to trusted_for()

Well, the problem is not with -s in general, but using it when you could pass the file name instead. If you load the script contents into memory with `cat` and then pass it as an argument to Python with -s, Python can't check the original file with `trusted_for`. It either has to assume the script is trusted, disable -s or sh/cat needs to check the permissions before passing the data to Python. I suppose there is the same issue with passing data on stdio, which is mentioned in the article.

Also, on a partially related note, there was some buffer overflow or "stack smashing" attack involving large command lines and now the Linux command line length is much more limited to prevent that, so you probably don't want to use `-s` in shell scripts unless it is a string of known length generated in the script or static.

BTW "most people" includes myself when I'm in a less trusted state.


From O_MAYEXEC to trusted_for()

Posted Oct 2, 2020 8:41 UTC (Fri) by richiejp (guest, #111135) [Link]

I mean -c not -s xD
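
The situation from the first comment (script text read with `cat` and handed to the interpreter as an argument, the option being -c per the correction above), as an added example that is not part of the original comments or of any kernel or Python code. `fd_is_trusted` is an assumed stand-in for the kernel check, reduced here to "regular file with an execute bit", and `load_source`, `outcome` and `demo` are hypothetical names.

```python
import os
import stat
import tempfile

class Untrusted(Exception):
    """Raised when the launcher cannot vouch for the code it was given."""

def fd_is_trusted(fd):
    # Assumption: stand-in for the kernel check discussed in the thread.
    # Here "trusted" only means a regular file with an execute bit set.
    st = os.fstat(fd)
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & 0o111)

def load_source(path=None, inline=None, enforce=True):
    """Return the source an interpreter would run, or raise Untrusted."""
    if path is not None:
        with open(path, "rb") as f:
            # Check the descriptor we read from, not the path a second time.
            if enforce and not fd_is_trusted(f.fileno()):
                raise Untrusted(f"{path}: not marked executable")
            return f.read().decode()
    # Inline code (the -c case): there is no descriptor left to check.
    if enforce:
        raise Untrusted("inline code has no backing file to check")
    return inline

def outcome(**kwargs):
    try:
        load_source(**kwargs)
        return "run"
    except Untrusted:
        return "refused"

def demo():
    with tempfile.TemporaryDirectory() as d:
        script = os.path.join(d, "job.py")  # constructed sample script
        with open(script, "w") as f:
            f.write("print('hello')\n")
        os.chmod(script, 0o644)  # readable, not executable
        with open(script) as f:
            text = f.read()  # what `cat` would hand over as an argument
        results = {"file, not executable": outcome(path=script),
                   "inline, enforcing": outcome(inline=text),
                   "inline, not enforcing": outcome(inline=text, enforce=False)}
        os.chmod(script, 0o755)
        results["file, executable"] = outcome(path=script)
        return results

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The same bytes are refused when they arrive as a file without the execute bit, and can only be refused wholesale or accepted blindly once they arrive as a string.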

From O_MAYEXEC to trusted_for()

Posted Nov 3, 2020 20:53 UTC (Tue) by nix (subscriber, #2304) [Link]

> Also, on a partially related note, there was some buffer overflow or "stack smashing" attack involving large command lines

This was incredibly annoying and continues to break my workflows to this day, but apparently not breaking userspace doesn't apply when it can be abused by attackers and it might be inconvenient to fix it.
