One example is the rar command, the compression level is excellent and the recovery record feature that automatically allows for rebuilding blocks within a given threshold tolerance is very useful against bitrot and other anomalous occurrences.
However some command options in rar are downright scary, like the -vd option: "-vd Erase disk contents before creating volume. All files and directories on the target disk will be erased when ’−vd’ is used".
The -vd command option is bad by itself but the fact that another innocuous and useful command -vt list contents (verbose and technical) is a homonym gives chills.
The last thing I want to have happen to my 4TB hard drive is to have it wiped out because of a typo while I am trying to backup more of my important data to it.
So what to do about it? The answer was easy, create a simple script to wash the bad commands out using sed then wrap that with shc and set the permissions to 111 (execute only).
This concept can be expanded and adapted for any command, this is only a simple example, rar.bsh:
########################################################################
### These rar options (except for lt) are diabolical in my opinion and
### I have banned them from my system, modify this however you wish:
###
### -vd Erase disk contents before creating volume.All files and
### directories on the target disk will be erased when ’−vd’ is used.
### The switch applies only to removable media, the hard disk cannot
### be erased using this switch.
###
### −df Delete files after archiving. This switch in combination with the
### command "A" performs the same action as the command "M".
###
### v[t] Verbosely list archive [technical] because "what#$?.." "was
### that add -vd???"
### l[t] List content of archive [technical]. Files are listed as the ’v’
### command with the exception of the file path. i.e. the file name
### is displayed.
###
### d Delete files from archive.
##########################################################################
ORIG_CMD=''
### Quote/requote parameter quotes for eval
for arg in "$@";do ORIG_CMD="$ORIG_CMD \"${arg//\"/\\\"}\""; done
## Get rid of -vd -df -d and rewrite vt to lt and tell the user about it
SANITIZED_RAR_CMD="$(sed 's/-vd//g; s/ d //; s/ vd //; s/-vt/lt/g;
s/vt/lt/g; s/-df//g;' <<< "${ORIG_CMD}")"
if [ "$ORIG_CMD" == "$SANITIZED_RAR_CMD" ]; then
## Choose your own not easily guessed file name
eval "/usr/bin/.hide/rar_old_234290842348_ ${SANITIZED_RAR_CMD}"
else
echo "You tried something bad it was rewritten: $0 $SANITIZED_RAR_CMD"
read -p "(Press enter to continue or Ctl-C to break)..." -u 0 RESPONSE
eval "/usr/bin/.hide/rar_old_234290842348_ ${SANITIZED_RAR_CMD}"
fi
Next obtain a copy of SHC: SHC by Francisco Javier Rosales GarcĂa Create a binary executable of the shell script, be sure to use the Traceable flag or
it will create problems: $ shc -T -f rar.bsh $ ls rar.bsh rar.bsh.x The script now has been made into an executable, and has the .x extension. Now as root, create a new directory to hide the old rar and new script executables,
rename the old rar executable to a unique name for added security: # mkdir /usr/bin/.hide # mv -nv /usr/bin/rar /usr/bin/.hide/rar_old_234290842348_ # mv -nv rar.bsh.x /usr/bin/.hide/ # chmod 111 /usr/bin/.hide # chmod 111 /usr/bin/.hide/rar_old_234290842348_ /usr/bin/.hide/rar.bsh.x # ln -s /usr/bin/.hide/rar.bsh.x /usr/bin/rar Done! Now all users should be able to still use rar, yet no one has to worry about the scary options
being accidentally typed in and causing trouble!
No comments:
Post a Comment