LinuxQuestions.org
Old 08-01-2017, 03:52 AM   #1
andrew.comly
Question ABS Ch16 ex38b Tampering with Checksum Not Detected - Fix


PURPOSE
In Advanced Bash Scripting Ch16 example 38 the author gives the following exercise:
Quote:
This unfortunately means that when running this script on $PWD, tampering with the
checksum database file will not be detected.
Exercise: Fix this.
1ST IDEA
First I wondered where exactly the program creates the $dbfile database, and whether it does so every time or only under certain conditions.

I located the following codeblock in the "main" part of the program:
Code:
#VERIFY "$dbfile" DATABASE EXISTS AND IS READABLE.
  if [ ! -r "$dbfile" ]
    then
      ...
      set_up_database
  fi
(I edited the comments to make things clearer.) Thus we can all see that if you run this program two or more times, since the $dbfile database already exists, the program won't re-create or overwrite the $dbfile database.

I then thought of adding the codeblock
Code:
echo "$(md5sum ${dbfile})" >>${dbfile}
This can't work since:
  1. The above command first generates the md5sum for the original $dbfile database;
  2. writes this md5sum to the last line of the $dbfile database;
But writing this md5sum to the $dbfile database in itself changes the md5sum of the $dbfile database. Thus the file will never match when the program is run again next time.

2ND IDEA
A second idea is to export the md5sum to a variable, as in the codeblock below:
Code:
#VERIFY "$dbfile" DATABASE EXISTS AND IS READABLE.
  if [ ! -r "$dbfile" ]; then
	echo "Setting up database file, \""$directory"/"$dbfile"\"."; echo
	set_up_database
	wait
	export md5LastVal="$(md5sum ${dbfile})"
  else
	md5CurrVal="$(md5sum ${dbfile})"
	wait
	  if [ "${md5CurrVal}" == "${md5LastVal}" ]; then
	    echo "Current Value of ${dbfile} equals its last file"
	    echo
	  else
	    echo "Doesn't match!!"
	  fi
...
fi
But this naturally fails:
Code:
$ echo $md5LastVal
  {blank}
due to export's child process principle, expounded in Ch 4.4 Special Variable Types:
Quote:
A script can export variables only to child processes, that is, only to commands or
processes which that particular script initiates. A script invoked from the
command-line cannot export variables back to the command-line environment.
Child processes cannot export variables back to the parent processes that spawned
them.
 
Old 08-01-2017, 04:00 AM   #2
andrew.comly
[Solved] Fixed
3rd IDEA
Then I thought of outputting $dbfile's last md5sum value to a single log in that directory. But that wouldn't work, since the md5sum "${directory}"/* >> "$dbfile" code line in the function "set_up_database" would then end up computing and changing the md5sum for this log, causing a checksum error. I then wondered whether or not that same code line would check a hidden file:
Code:
$ md5sum File_record.md5 >.pistachio.log
~/workshop/ee/unit5$ nl .pistachio.log
     1	9f114cd31a61e098ccf658b03b3eb56c  File_record.md5
~/workshop/ee/unit5$ md5sum ./*
ecca0de7a878c134a809e86d9eff9f3d  ./a bear.txt
466160603f342a43fc9ef653eb78e1e7  ./a.txt
ff0376a623f4fdb48a3b139aa479ed4c  ./b.txt
e83841851465fccda716bf2ee6c5e1e1  ./c.txt
02a78f27c4025a338ebf188b8124a40a  ./d.txt
3bf1aa2b8485a06f59e16c9c2c9f7ec7  ./e.txt
9f114cd31a61e098ccf658b03b3eb56c  ./File_record.md5
c63fbf4f1f0aff71ccd396f96ee593bd  ./f.txt
This looks really good: ".pistachio.log" wasn't detected!

I then made the following additions to example 38:
  1. Add to the main program's variables
    Code:
    hiddenName=pistachio
    wait
    hiddenLog=".${hiddenName}.log"
  2. Add to the end of check_database function
    Code:
    #VERIFY CHECKSUMS CONGRUENT
      #VARIABLES
        md5OrigVal="$(cat "${hiddenLog}")"
        md5CurrVal="$(md5sum "${dbfile}")"
        wait
    
    #COMPARE CHECKSUMS
      if [[ -f ${hiddenLog} ]]; then
        if [[ "${md5CurrVal}" == "${md5OrigVal}" ]]; then
          echo "${dbfile} current checksum verified."
        else
          echo "${dbfile} was tampered with!!"
        fi
      else
        echo "${hiddenLog} missing!"
      fi
  3. Add following codeblock to end of set_up_database function:
    Code:
    #Add current ${dbfile} checksum into hidden file for future reference
      md5sum "${dbfile}" >"${hiddenLog}"

CONCLUSION
The following results show that my solution above can solve the intended fix:
Tamper with $dbfile
Code:
$ ls -la
total 48
drwxrwxr-x 2 a a  4096  8月  1 14:12 .
drwx--x--x 7 a a  4096  7月 25 17:21 ..
-rw-rw-r-- 1 a a  1261  7月 26 15:25 a bear.txt
-rw-rw-r-- 1 a a   295  7月 26 15:25 a.txt
-rw------- 1 a a   328  7月 31 12:01 b.txt
-rw------- 1 a a   600  7月 26 15:27 c.txt
-rw------- 1 a a   126  7月 26 15:27 d.txt
-rw------- 1 a a 15438  7月 26 15:29 e.txt
-rw-rw-r-- 1 a a    13  7月 30 08:24 f.txt
$ /usr/local/bin/Ch16-38CheckFileIntegrity_Orig2.sh
 Running file integrity check on /home/a/workshop/ee/unit5

Setting up database file, "/home/a/workshop/ee/unit5/File_record.md5".

md5sum: /home/a/workshop/ee/unit5/a: No such file or directory
/home/a/workshop/ee/unit5/a:	CHECKSUM ERROR!
/home/a/workshop/ee/unit5/a.txt:	Unchanged.
/home/a/workshop/ee/unit5/b.txt:	Unchanged.
/home/a/workshop/ee/unit5/c.txt:	Unchanged.
/home/a/workshop/ee/unit5/d.txt:	Unchanged.
/home/a/workshop/ee/unit5/e.txt:	Unchanged.
/home/a/workshop/ee/unit5/f.txt:	Unchanged.
File_record.md5 current checksum verified.

$ ls -la
total 56
drwxrwxr-x 2 a a  4096  8月  1 14:12 .
drwx--x--x 7 a a  4096  7月 25 17:21 ..
-rw-rw-r-- 1 a a  1261  7月 26 15:25 a bear.txt
-rw-rw-r-- 1 a a   295  7月 26 15:25 a.txt
-rw------- 1 a a   328  7月 31 12:01 b.txt
-rw------- 1 a a   600  7月 26 15:27 c.txt
-rw------- 1 a a   126  7月 26 15:27 d.txt
-rw------- 1 a a 15438  7月 26 15:29 e.txt
-rw-rw-r-- 1 a a   569  8月  1 14:12 File_record.md5
-rw-rw-r-- 1 a a    13  7月 30 08:24 f.txt
-rw-rw-r-- 1 a a    50  8月  1 14:12 .pistachio.log
$ echo 
$ md5sum File_record.md5 
9f114cd31a61e098ccf658b03b3eb56c  File_record.md5
$ echo walnut >>File_record.md5
$ md5sum File_record.md5 
b1d9773685a97a1eefe6159f562b33d4  File_record.md5
$ ls -la
total 56
drwxrwxr-x 2 a a  4096  8月  1 14:12 .
drwx--x--x 7 a a  4096  7月 25 17:21 ..
-rw-rw-r-- 1 a a  1261  7月 26 15:25 a bear.txt
-rw-rw-r-- 1 a a   295  7月 26 15:25 a.txt
-rw------- 1 a a   328  7月 31 12:01 b.txt
-rw------- 1 a a   600  7月 26 15:27 c.txt
-rw------- 1 a a   126  7月 26 15:27 d.txt
-rw------- 1 a a 15438  7月 26 15:29 e.txt
-rw-rw-r-- 1 a a   576  8月  1 14:28 File_record.md5
-rw-rw-r-- 1 a a    13  7月 30 08:24 f.txt
-rw-rw-r-- 1 a a    50  8月  1 14:12 .pistachio.log
$ /usr/local/bin/Ch16-38CheckFileIntegrity_Orig2.sh
 Running file integrity check on /home/a/workshop/ee/unit5

md5sum: /home/a/workshop/ee/unit5/a: No such file or directory
/home/a/workshop/ee/unit5/a:	CHECKSUM ERROR!
/home/a/workshop/ee/unit5/a.txt:	Unchanged.
/home/a/workshop/ee/unit5/b.txt:	Unchanged.
/home/a/workshop/ee/unit5/c.txt:	Unchanged.
/home/a/workshop/ee/unit5/d.txt:	Unchanged.
/home/a/workshop/ee/unit5/e.txt:	Unchanged.
/home/a/workshop/ee/unit5/f.txt:	Unchanged.
md5sum: : No such file or directory
basename: missing operand
Try 'basename --help' for more information.
:	CHECKSUM ERROR!
File_record.md5 was tampered with!!
Delete hidden file (containing $dbfile's checksum)
Code:
$ ls -la
total 56
drwxrwxr-x 2 a a  4096  8月  1 14:12 .
drwx--x--x 7 a a  4096  7月 25 17:21 ..
-rw-rw-r-- 1 a a  1261  7月 26 15:25 a bear.txt
-rw-rw-r-- 1 a a   295  7月 26 15:25 a.txt
-rw------- 1 a a   328  7月 31 12:01 b.txt
-rw------- 1 a a   600  7月 26 15:27 c.txt
-rw------- 1 a a   126  7月 26 15:27 d.txt
-rw------- 1 a a 15438  7月 26 15:29 e.txt
-rw-rw-r-- 1 a a    13  7月 30 08:24 f.txt
$ /usr/local/bin/Ch16-38CheckFileIntegrity_Orig2.sh
 Running file integrity check on /home/a/workshop/ee/unit5

Setting up database file, "/home/a/workshop/ee/unit5/File_record.md5".

md5sum: /home/a/workshop/ee/unit5/a: No such file or directory
/home/a/workshop/ee/unit5/a:	CHECKSUM ERROR!
/home/a/workshop/ee/unit5/a.txt:	Unchanged.
/home/a/workshop/ee/unit5/b.txt:	Unchanged.
/home/a/workshop/ee/unit5/c.txt:	Unchanged.
/home/a/workshop/ee/unit5/d.txt:	Unchanged.
/home/a/workshop/ee/unit5/e.txt:	Unchanged.
/home/a/workshop/ee/unit5/f.txt:	Unchanged.
File_record.md5 current checksum verified.

$ rm .pistachio.log
$ /usr/local/bin/Ch16-38CheckFileIntegrity_Orig2.sh
 Running file integrity check on /home/a/workshop/ee/unit5

md5sum: /home/a/workshop/ee/unit5/a: No such file or directory
/home/a/workshop/ee/unit5/a:	CHECKSUM ERROR!
/home/a/workshop/ee/unit5/a.txt:	Unchanged.
/home/a/workshop/ee/unit5/b.txt:	Unchanged.
/home/a/workshop/ee/unit5/c.txt:	Unchanged.
/home/a/workshop/ee/unit5/d.txt:	Unchanged.
/home/a/workshop/ee/unit5/e.txt:	Unchanged.
/home/a/workshop/ee/unit5/f.txt:	Unchanged.
cat: .pistachio.log: No such file or directory
.pistachio.log missing!
CONCLUSION
Naturally the file "a bear.txt" can't possibly work, since filenames with spaces are known to cause problems on Linux. But I was able to detect the above two basic tampering situations of the $dbfile with the above solution.
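
An added example, not part of the posts above or of ABS example 16-38: the same seal-and-verify idea with the seal kept outside the monitored directory, because a dotfile stored beside the database can be rewritten by anyone able to edit the database. The function names, the seal location and the sample files are assumptions constructed for the demo, and SHA-256 stands in for MD5.

```bash
#!/bin/sh
# Added example (not from ABS example 16-38 or the posts above).
# db_digest, seal_db, verify_db and demo are hypothetical names.
# Assumption: the seal lives outside the monitored directory, somewhere
# the accounts that can write the monitored files cannot write.

# Print only the SHA-256 digest of a file (reading stdin drops the name).
db_digest() {
  sha256sum < "$1" | cut -d' ' -f1
}

# seal_db DBFILE SEAL: record the database digest in the seal file.
seal_db() {
  db_digest "$1" > "$2"
}

# verify_db DBFILE SEAL
# returns 0 = intact, 1 = database changed, 2 = seal missing, 3 = database missing
verify_db() {
  [ -r "$2" ] || return 2      # test first, so a missing seal is reported cleanly
  [ -r "$1" ] || return 3
  [ "$(db_digest "$1")" = "$(cat "$2")" ] || return 1
}

# Constructed demo data: replays the two tests from the post in a temp tree.
demo() {
  work=$(mktemp -d) || return 1
  mkdir "$work/watched" "$work/seals"
  printf 'one\n' > "$work/watched/a bear.txt"     # file name with a space
  printf 'two\n' > "$work/watched/b.txt"
  db="$work/watched/File_record.sha256"
  seal="$work/seals/db.seal"
  # The quoted path plus glob keeps "a bear.txt" as a single argument.
  sha256sum "$work/watched"/* > "$db"
  seal_db "$db" "$seal"
  verify_db "$db" "$seal" && r1=0 || r1=$?
  echo walnut >> "$db"                            # tamper as in the post
  verify_db "$db" "$seal" && r2=0 || r2=$?
  rm -f "$seal"                                   # seal deleted
  verify_db "$db" "$seal" && r3=0 || r3=$?
  rm -rf "$work"
  echo "$r1 $r2 $r3"
}

demo
```

The three status codes correspond to the "verified", "tampered with" and "missing" messages in the post; the seal only adds protection if its directory has stricter write permissions than the monitored one.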
 
  

