Anyone good with POSIX?
Alright, I'm trying to write a sudoers script that executes a file which writes a file like this:
/usr/sbin/file "$(contents - can be anything)" "/path/to/writable/dir/$(a filepath)"
The problem is that if someone simply puts "/../" in the path, they can edit ANY file. I just can't get sudoers to do what I want...
The problem isn't sudo but your script syntax. Maybe you can give an example...
Code:
filename=${filename//..\/}
That's the idea, ioerror... tell me more. I originally thought I could use POSIX in the sudoers file to check that that pattern was not in the inputted command... but how is it that you're thinking of doing it... and I do apologize for not being very specific in my inquiry...
Thanks, Scott
You can't really put that sort of thing in the sudoers file as the syntax isn't really designed for it; it's intended to specify commands, rather than contain code itself.
Just out of curiosity, would it be possible to do what you want without using sudo? Perhaps group write permissions using a shared group?
If that sort of thing won't cut the mustard and you want to use sudo, then the code snippet I gave above is a simple addition to your script.
Actually, the way I showed before won't catch someone trying to use ../, it will just delete it from the path, which perhaps isn't ideal. You'll probably want to print some sort of error message or perhaps even log the attempt. Thus, maybe something like this near the top of your script:
Code:
filename=$2
Is that the sort of thing you're after?
Absolutely perfect. Thank you very much.
Code:
echo ${filename//..\/}
The second seems secure to me but I would maybe use /usr/bin/dirname
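
The check discussed in this thread (refuse the path instead of rewriting it, print an error, log the attempt, and use dirname), written out as an added example that is not code from any of the posts. The helper name `safe_target` and its messages are hypothetical, and it goes one step beyond the thread by also resolving the parent directory, so that symlinks inside the writable directory are caught.

```sh
#!/bin/sh
# Added example, not code from the thread. safe_target is a hypothetical helper.
# Usage inside the root-run script, with the thread's $2 as the untrusted path:
#   target=$(safe_target /path/to/writable/dir "$2") || exit 1

# safe_target BASE NAME: print the resolved target on success, return 1 otherwise.
# The body is a subshell, so its variables do not leak into the caller.
safe_target() (
    base=$1 name=$2 reason=

    # 1. String check: refuse empty names, absolute paths and any ".." component.
    case $name in
        '' | /*)                    reason='empty or absolute path' ;;
        .. | ../* | */.. | */../*)  reason='".." path component' ;;
    esac

    # 2. Resolve the parent directory physically (symlinks followed) and make
    #    sure it is still inside BASE; a string check cannot see symlinks.
    if [ -z "$reason" ]; then
        real_base=$(cd -P -- "$base" 2>/dev/null && pwd -P) ||
            reason='base directory not accessible'
    fi
    if [ -z "$reason" ]; then
        real_dir=$(cd -P -- "$base/$(dirname -- "$name")" 2>/dev/null && pwd -P) ||
            reason='parent directory not accessible'
    fi
    if [ -z "$reason" ]; then
        leaf=$(basename -- "$name")
        case $real_dir/ in
            "$real_base"/*) ;;
            *) reason='parent directory resolves outside base' ;;
        esac
        # 3. Refuse to write through a symlink planted as the final component.
        [ -L "$real_dir/$leaf" ] && reason='target is a symbolic link'
    fi

    if [ -n "$reason" ]; then
        echo "rejected '$name': $reason" >&2                                # error message
        logger -t safe_target "rejected '$name': $reason" 2>/dev/null || :  # log the attempt
        return 1
    fi
    printf '%s/%s\n' "$real_dir" "$leaf"
)
```

Because the directory is writable by the caller, a gap remains between this check and the later write, so the root-run script should write only to the path the function printed.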