home.social

#bashsecurity — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #bashsecurity, aggregated by home.social.

  1. Day 2/60 #BashSecurity -- Variables and types

    Bash's "type system" is: everything is a string. This causes real security issues.

    ```bash
    # This is an injection vulnerability:
    user_in="file.txt; cat /etc/shadow"
    grep $user_in /var/log/auth.log

    # This is safe:
    grep "$user_in" /var/log/auth.log
    ```

    Other gotchas:
    - `declare -i num=5; num="abc"` silently sets num to 0
    - `export SECRET` makes it readable via /proc/self/environ
    - `readonly CFG=/etc/app` prevents runtime tampering
    - `x = 5` (with spaces) runs x as a command, not assignment

    Quote every expansion. Validate every input. Trust nothing.

    #InfoSec #CyberSecurity #Linux #ShellScripting
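The quoting, `declare -i` and validation points in the post above, as an added worked example that is not part of the original post. It is written for `/bin/sh` (the `declare -i` step shells out to `bash` explicitly), and the function names, the allow-list in `is_safe_filename`, and the sample `auth.log` lines are all constructed for this demo.

```bash
#!/bin/sh
# Added example, not from the original post: how unquoted expansion changes
# the arguments a command receives, and a validate-then-quote pattern.

# Print the number of arguments this function received.
count_args() { echo "$#"; }

# Constructed sample input: a "filename" carrying a separator and spaces.
user_in='file.txt; cat /etc/shadow'

# Unquoted: word splitting turns the one value into three arguments.
unquoted_count() { count_args $user_in; }

# Quoted: the value reaches the command as a single argument.
quoted_count() { count_args "$user_in"; }

# The 'declare -i' gotcha from the post: a non-numeric assignment becomes 0.
# Run under bash explicitly so this works even if this file is run by sh.
int_assign() { bash -c 'declare -i num=5; num="abc"; echo "$num"'; }

# Allow-list a plain filename: no empty string, no path separators,
# no dotfiles, and only [A-Za-z0-9._-]. Returns 0 when safe, 1 otherwise.
is_safe_filename() {
  case "$1" in
    '' | */* | .* | *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# grep a fixed string in "$dir/$name": the name is validated first, every
# expansion is quoted, and '--' stops a name like "-r" from becoming an option.
safe_grep() {
  sg_pattern=$1; sg_dir=$2; sg_name=$3
  if ! is_safe_filename "$sg_name"; then
    echo "rejected filename: $sg_name" >&2
    return 1
  fi
  grep -F -- "$sg_pattern" "$sg_dir/$sg_name"
}

# Constructed sample auth log lines, written to a temp directory for the demo.
make_sample_log() {
  msl_dir=$(mktemp -d)
  printf '%s\n' \
    'sshd[101]: Accepted publickey for alice from 10.0.0.5' \
    'sshd[102]: Failed password for root from 10.0.0.9' \
    'sshd[103]: Failed password for invalid user admin from 10.0.0.9' \
    > "$msl_dir/auth.log"
  echo "$msl_dir"
}

# Count failed-password lines via safe_grep; prints 2 for the sample above.
count_failed() {
  cf_dir=$(make_sample_log)
  safe_grep 'Failed password' "$cf_dir" auth.log | wc -l | tr -d ' '
}
```

The allow-list deliberately still accepts a name such as `-r`, which is why `safe_grep` passes `--` before the user-controlled arguments: validation and quoting stop word splitting and path traversal, but only `--` stops a value that begins with `-` from being parsed as an option.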