« Previous 1 2 3 4

Best practices for secure script programming

Small Wonders

Conclusions

The close integration between scripts and the shell designed to execute commands, accompanied by lax syntax verification, guarantees that a lack of attention in shell programming is quickly punished by dangerous security vulnerabilities.

The criteria presented here can help you work around most of the problems. Unlike complicated security vulnerabilities, in the case of shell scripts, the cause is usually a simple lack of understanding that a certain construct can have side effects.

Infos

  1. Problems with Steam script: https://github.com/valvesoftware/steam-for-linux/issues/3671
  2. Linux Documentation Project: https://tldp.org
  3. SHC man page: http://www.datsi.fi.upm.es/~frosal/sources/shc.html
  4. SHC limits: https://www.linuxjournal.com/article/8256
  5. Secure use of temp files: https://www.netmeister.org/blog/mktemp.html
  6. ShellCheck: https://github.com/koalaman/shellcheck/
  7. List of ShellCheck checks: https://github.com/koalaman/shellcheck/wiki/Checks
  8. ShellCheck on the web: https://www.shellcheck.net

« Previous 1 2 3 4

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Most Popular

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”> </a> <hr> </div> </div> <div class=