A few more stamps to add to the collection (be sure to read up on them before use):
1) reset the command hash: hash -r
2) prevent core dumps: ulimit -H -c 0
3) set the IFS
4) clear all aliases (see unalias -a)
Also you can remove the ALL from sudo and add explicit commands to the sudoers file. There's a lot of fine tuning you can do in sudoers - inc. env variables as teekay said.
But I'm no expert so best to check all of the above.

Regarding environment variables, read the sudo man pages, as by default they do get unset unless specified otherwise.

At this point I know a bunch of tricks and general advice for securing shell scripts, e.g.
- Use #!/bin/sh - (or equivalent) to make it harder to pass shell options
- Set various environment variables (e.g. PATH, IFS, LD_PRELOAD) to sane values (or maybe just unset the whole environment?)
- Use absolute paths wherever possible
- Quote or otherwise delimit all user input
- Never run user input (e.g. with eval)
But this is stamp collecting, not security. Just following a bunch of rules will probably not provide reasonable protection when dealing with scripts that run privileged.
So, what should I watch out for in privileged scripts? What flaws can come back to bite me, even if I follow all the usual common-sense rules?
Moreover, should I even be thinking of using shell scripts for privileged functions?
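Putting the stamps from the answer above (hash -r, ulimit, IFS, unalias -a) together with the rules listed in the question (#!/bin/sh -, sane PATH/IFS/LD_PRELOAD, quoting, no eval) as one preamble, plus two small demonstrations of the bugs those rules prevent. This is an added example, not code posted by anyone in this thread; the allowlist of kept variables, the action names and the "myservice" unit are made up for illustration. It also answers the "or maybe just unset the whole environment?" aside with an allowlist loop rather than a denylist.

```sh
#!/bin/sh -
# Added example, not from the thread: a preamble for a privileged shell script that
# applies the items discussed above in a deliberate order. The trailing "-" on the
# shebang ends option parsing, so the script's own name or first argument cannot be
# taken as shell options. All function names below are my own.

harden_shell() {
    # 1. Fix PATH and IFS before anything below word-splits or searches PATH, so the
    #    caller's values never influence the preamble itself.
    PATH='/usr/sbin:/usr/bin:/sbin:/bin'; export PATH
    IFS=$(printf ' \t\nx'); IFS=${IFS%x}      # space, tab, newline (the shell default)

    # 2. Variables a caller can use to load code into us or into our children.
    unset LD_PRELOAD LD_LIBRARY_PATH LD_AUDIT ENV BASH_ENV CDPATH GLOBIGNORE 2>/dev/null || :

    # 3. Drop everything else: an allowlist, because a denylist is never complete.
    #    Only valid identifiers are taken from env(1); a value containing a newline can
    #    at worst produce an extra name to unset, never an extra name to keep.
    for _name in $(/usr/bin/env | sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p'); do
        case $_name in
            PATH|IFS|HOME|TERM|LANG) ;;             # keep (hypothetical allowlist)
            *) unset "$_name" 2>/dev/null || : ;;   # read-only variables, if exported, just fail
        esac
    done

    # 4. The remaining stamps from the answer above.
    unalias -a          # the caller's aliases cannot rewrite the commands we run
    hash -r             # forget command locations cached under the old PATH
    ulimit -H -c 0      # hard limit: a core of a privileged process may hold secrets
    umask 077           # anything we create is private to our user
    set -u              # an unset variable is an error, not a silent empty string
}
# Complement on the sudoers side: replace ALL with an explicit Cmnd_Alias and leave
# env_reset (sudo's default) on, so the caller's environment never reaches this script.

# Why "quote all user input": an unquoted expansion is split on IFS and then globbed.
# Prints how many words ONE attacker-supplied argument becomes under the given IFS.
split_under_ifs() {
    _saved=$IFS
    IFS=$1
    set -- $2           # deliberately unquoted: this is the bug being demonstrated
    IFS=$_saved
    echo $#
}

# Why "never run user input": eval re-parses the string as shell code.
eval_dispatch() {                                 # vulnerable form
    eval "printf 'action=%s\n' $1"                # 'x; echo INJECTED' runs the echo
}

# Hardened form: dispatch on an allowlist; anything else is rejected with status 2.
run_action() {
    case "$1" in
        status)  : "would run /usr/bin/systemctl status myservice"; return 0 ;;
        restart) : "would run /usr/bin/systemctl restart myservice"; return 0 ;;
        *)       printf 'rejected action: %s\n' "$1" >&2; return 2 ;;
    esac
}
```

Call harden_shell first thing; after it, `split_under_ifs : /etc:rm` reports 2 words for the same argument that reports 1 under the default IFS, `eval_dispatch 'x; echo INJECTED'` executes the injected echo, and `run_action 'status; id'` is refused. The order inside harden_shell is the point: PATH and IFS are set from literals before the scrubbing loop runs, because that loop itself word-splits and runs sed.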