ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Are you using the binary version of shc? You can compile it from scratch in cygwin.
Then, it generates a .c file from a bash script, and you can compile it and that should do the trick
if you are resorting to this, you most probably isn't using the correct method. The best way is to restrict who can or cannot use your script using permissions. you might also want to consider creating an interface, such as a web interface where you restrict user actions by a set of buttons and proper authentication.
Does not works for other server where binary is built
Dear All,
I am sitting on CentOS 5.4 64 Bit servers.
I need to convert a bash shell script to a binary since it has my passwords (for sudo / ssh) hardcoded.
I have found a way to get this done on the same server through this link.
Binary works well on the same server, but if I scp it to another server it works sometime and at time it does not. However, in the non working server if I execute the script (not binary) it works fine.
Any alternative method to get the binary working on all Linux servers (at least of same flavor) ?
I need to convert a bash shell script to a binary since it has my passwords (for sudo / ssh) hardcoded.
I'm sorry I cannot help you with your request, but I'm replying because I want you to be aware that converting a shell-script to binary is not going to mask your hard-coded passwords. The string literals will still be visible to anyone who can read the binary file. All they would have to do is use /usr/bin/od or other similar tool for dumping the contents of the binary file.
Thus, as one person hinted at earlier in this thread, the best security to prevent someone from perusing your file is to set the file permissions to the most restrictive setting. But the better choice would be to remove the passwords from the file; surely there are alternatives.
I'm sorry I cannot help you with your request, but I'm replying because I want you to be aware that converting a shell-script to binary is not going to mask your hard-coded passwords. The string literals will still be visible to anyone who can read the binary file. All they would have to do is use /usr/bin/od or other similar tool for dumping the contents of the binary file.
Thus, as one person hinted at earlier in this thread, the best security to prevent someone from perusing your file is to set the file permissions to the most restrictive setting. But the better choice would be to remove the passwords from the file; surely there are alternatives.
Thanks dwhitney67, I just checked through od and hexdump command, none of them showed the password.
$ hexdump swapcpu.sh.x | grep -i peter
$ od swapcpu.sh.x | grep -i peter
Surely, I can harden the permissions but I do not have an option to remove passwords.
Please help me with other alternatives. Thanks in advance.
you need to save the password in another file with minimal access rights and the shell will read info from that file. Also you can try to hide the path with some tricks (for example it is generated), but that can be catched by strace. Also you can use a server app to send such info, but you need to protect the communication also. And there can be other possibilities, but we do not know what this script do with that pw.
I'm sorry I cannot help you with your request, but I'm replying because I want you to be aware that converting a shell-script to binary is not going to mask your hard-coded passwords. The string literals will still be visible to anyone who can read the binary file. All they would have to do is use /usr/bin/od or other similar tool for dumping the contents of the binary file.
Well the manpage for shc says it "encodes and encrypts" the shell script. Of course the decryption key is inside the resultant file so it's still easy to get the password but you need to do a bit more than just dump the contents.
Well the manpage for shc says it "encodes and encrypts" the shell script. Of course the decryption key is inside the resultant file so it's still easy to get the password but you need to do a bit more than just dump the contents.
Yes, my bad... thoughts entered my mind before I actually did any research on the shc application.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.