Grep output help needed

pinga123 · 05-22-2011, 10:56 PM

According to linux hardening guide a PATH variable must not contain . or ..
so i grep the path variable using.

Code:

# echo $PATH | grep "."
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
# echo $PATH | grep ".."
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

There are no . or .. in the PATH but still the output is produced.

I m little confused How its possible?

Code:

# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
# pwd
/usr/local/sbin

What logic can be applied to check the existence of . and .. in PATH variable?

syg00 · 05-22-2011, 11:01 PM

In that (simple) regex the dot means "any single character" - escape it with a backslash "\."

Telengard · 05-22-2011, 11:44 PM

Quote:

Originally Posted by syg00

In that (simple) regex the dot means "any single character" - escape it with a backslash "\."

Exactly. You could also enclose it in a character list where it loses its special meaning.

Code:

df_linux$ echo $PATH | grep '\.'
df_linux$ echo $PATH | grep '[.]'
df_linux$

HTH

grail · 05-22-2011, 11:57 PM

Not sure how exact you might want to be, but you could get a little more specific as whilst the above do work they will also capture something odd
like the following:

Code:

# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/tada.bin

Obviously this is pretty out of the ordinary, but in case you are interested:

Code:

echo $PATH | egrep ':[.]{1,2}[^:]*'

This also covers other weird ones that might be put in your PATH to cause havoc, like:

Code:

../../../../bad_news_bin

pinga123 · 05-23-2011, 12:13 AM

Hi that was helpful but now i m stuck at different problem.

Code:

# echo $PATH | grep '[..]'
/usr/kerberos/sbin::/usr/kerberos/bin:.:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

Any Idea would be very helpfull.

I have twicked Path variable for script testing.

Code:

# echo $PATH
/usr/kerberos/sbin::/usr/kerberos/bin:.:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

Its still showing it has .. in it.

Telengard · 05-23-2011, 12:26 AM

Quote:

Originally Posted by pinga123

Hi that was helpful but now i m stuck at different problem.

Code:

# echo $PATH | grep '[..]'
/usr/kerberos/sbin::/usr/kerberos/bin:.:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

Because that's not how a character list works. Each character list represents only one of the listed characters. Read the pages I linked for more information about character lists.

Try it like this:

Code:

echo $PATH | grep '[.][.]'

That will specifically only catch instances of two dots (.) in sequence.

Otherwise, just backslash escape the dots:

Code:

echo $PATH | grep '\.\.'

chrism01 · 05-23-2011, 12:34 AM

Well, ideally you don't want '::' or '.' or '..' in your path. The first is merely redundant, not a security issue AFAIK.
You can match a given num eg 2 of a char thus

Code:

t1="ffgg..bnm"
echo $t1 |grep '[.]\{2\}'

see here for some good examples http://www.robelle.com/smugbook/regexpr.html

MTK358 · 05-23-2011, 08:30 AM

@pinga123

You should learn how regular expressions work.

http://www.google.com/search?q=regul...=hp&channel=np

16pide · 05-23-2011, 12:10 PM

for fun, try this:

Code:

man man

or use vi to edit any text document
then type:

/.
see that everything is selected

/\.
now only the "." characters are selected

The magic of regular expressions...