« Previous 1 2 3 4
Best practices for secure script programming
Small Wonders
Conclusions
The close integration between scripts and the shell designed to execute commands, accompanied by lax syntax verification, guarantees that a lack of attention in shell programming is quickly punished by dangerous security vulnerabilities.
The criteria presented here can help you work around most of the problems. Unlike complicated security vulnerabilities, in the case of shell scripts, the cause is usually a simple lack of understanding that a certain construct can have side effects.
Infos
- Problems with Steam script: https://github.com/valvesoftware/steam-for-linux/issues/3671
- Linux Documentation Project: https://tldp.org
- SHC man page: http://www.datsi.fi.upm.es/~frosal/sources/shc.html
- SHC limits: https://www.linuxjournal.com/article/8256
- Secure use of temp files: https://www.netmeister.org/blog/mktemp.html
- ShellCheck: https://github.com/koalaman/shellcheck/
- List of ShellCheck checks: https://github.com/koalaman/shellcheck/wiki/Checks
- ShellCheck on the web: https://www.shellcheck.net
« Previous 1 2 3 4
Buy this article as PDF
Express-Checkout as PDF
Price $2.95
(incl. VAT)
(incl. VAT)