#!/bin/bash
ipaddr=${1}
rdlnk=$(readlink /proc/$$/fd/0)
user=""
passwd=""
function get_input() {
if grep -Eq "^pipe:|deleted" <<< "${rdlnk}" || [[ -p "${rdlnk}" ]]; then
while IFS= read -r piped_input || break; do
[[ -z "${ipaddr}" ]] && ipaddr="${piped_input}" && continue
[[ -z "${user}" ]] && user="${piped_input}" && continue
[[ -z "${passwd}" ]] && passwd="${piped_input}" && continue
done
fi
echo "Got that IP address you gave me to work on: ${ipaddr}"
[[ -n "${user}" ]] && echo "[... and that user: ${user}]"
[[ -n "${user}" ]] && echo "[... and that users password: ${passwd}]"
}
get_input
exit 0
$> process_ip.bsh 71.123.123.3
Got that IP address you gave me to work on: 71.123.123.3
But, put the parent into a piped loop and watch out:
$ echo -en "71.123.123.3\nroot\ntoor\n" | while read a; do echo "Parent loop, processing: ${a}"; grep -q '^[0-9]\{1,3\}.[0-9]\{1,3\}.[0-9]\{1,3\}.[0-9]\{1,3\}' <<< "${a}" && ./process_ip.bsh "$a"; done
Parent loop, processing: 71.123.123.3
Got that IP address you gave me to work on: 71.123.123.3
[... and that user: root]
[... and that users password: toor]
Ouch. The parent only wanted to provide the IP Address from its pipe to the child. Presuming that the parent must maintain an open pipe with sensitive data in it at the time of the fork to the child process. How can this be prevented? Unfortunately, inheriting a parents fd's is a POSIX standard that is not easily moved. The best way to handle this is to provide yet another pipe on fd0 from the parent, since the most recent will be the one dup'd. E.g. ./process_ip.bsh "$a" < /dev/null
No comments:
Post a Comment