bash 中存在哪些注入漏洞(如果有)?我该如何防范这些漏洞?
我有一个 bash 脚本,我通过 procmail 启动它。 Procmail 将电子邮件中的主题和发件人字段作为参数传递给 bash 脚本。由于这些值没有经过任何处理,我试图弄清楚 bash 中是否存在任何可以被人利用的注入漏洞,如果是的话,我可以采取哪些措施来防止这些漏洞。下面是一些示例代码来说明发生了什么:
#!/bin/bash
/usr/sbin/sendmail -t <<EOF
From: "myhost Administrator" <[email protected]>
To: [email protected]
Subject: An email subject
You've received a new email.
It has a subject of "$2"
It was sent from "$1".
EOF
这个 bash 脚本将由 procmail 使用 .procmailrc 脚本调用,如下所示:
:0
* ^From:\s*\/.*
{
FROM = "$MATCH"
}
:0
* ^Subject:\s*\/.*
{
SUBJECT = "$MATCH"
}
:0 c:
* ^To:.*@example.com
| /home/john_doe/examplescript.bash "$FROM" "$SUBJECT"
我想知道注入漏洞的两个区域是脚本的实例化:
/home/john_doe/examplescript.bash "$FROM" "$SUBJECT"
以及用法脚本中的变量。
/usr/sbin/sendmail -t <<EOF
From: "myhost Administrator" <[email protected]>
To: [email protected]
Subject: An email subject
You've received a new email.
It has a subject of "$2"
It was sent from "$1".
EOF
如果您好奇,此处是让我想到这个问题的实际用例
I have a bash script which I'm kicking off via procmail. Procmail passes in the subject and from field from an email as arguments to the bash script. Since these values are unsanitized in any way, I'm trying to figure out if there are any injection vulnerabilities in bash that someone could take advantage of and if so what I can do to protect against these. Here is some sample code to illustrate what's going on :
#!/bin/bash
/usr/sbin/sendmail -t <<EOF
From: "myhost Administrator" <[email protected]>
To: [email protected]
Subject: An email subject
You've received a new email.
It has a subject of "$2"
It was sent from "$1".
EOF
This bash script would be called by procmail with a .procmailrc script like this :
:0
* ^From:\s*\/.*
{
FROM = "$MATCH"
}
:0
* ^Subject:\s*\/.*
{
SUBJECT = "$MATCH"
}
:0 c:
* ^To:.*@example.com
| /home/john_doe/examplescript.bash "$FROM" "$SUBJECT"
The two areas that I'm wondering about injection vulnerabilities for are in the instantiation of the script :
/home/john_doe/examplescript.bash "$FROM" "$SUBJECT"
and the usage of the variables in the script.
/usr/sbin/sendmail -t <<EOF
From: "myhost Administrator" <[email protected]>
To: [email protected]
Subject: An email subject
You've received a new email.
It has a subject of "$2"
It was sent from "$1".
EOF
If your curious, here is the actual use case that brought this question to my mind
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
为了避免注入问题,您还可以通过一个脚本将所有消息传送到您关心的地址,该脚本从 stdin 读取消息并本机解析出您感兴趣的标头。
然后,您可以使用您选择的脚本语言中提供的库,通过 SMTP 与本地运行的邮件服务器进行通信。
这样,就没有命令执行,并且无需担心未经处理的输入被用作程序的参数。
To avoid the problems of injection, you could also just pipe all messages to the address you care about through a script which reads the message off of stdin and natively parses out the headers that interest you.
You could then use libraries available in the scripting language you chose to speak SMTP to your locally running mail server.
This way, there's no command execution, and theres no need to worry about unsanitized input being used as arguments to a program.
我不是安全专家,但任何未经净化的用户输入中都存在注入漏洞——尤其是当您将原始输入发送到可能具有特权访问权限的系统命令时。在执行此操作之前,请务必验证您的输入。
在将它们发送到您的邮件系统之前,请检查
$1和$2以确保它们仅包含可打印字符并且长度合理(例如少于 1000 个字符)。这并不是太难做到,而且它可以防止您受到某些未知漏洞的攻击。
我喜欢 Perl 的原因之一是污点模式,除非您先清理了数据,否则它会阻止您执行此类操作。
I'm not a security expert, but injection vulnerabilities exist in any non-sanitized user input -- especially if you're sending that raw input to system commands that may have privileged access. Always verify your input before doing that.
Check
$1and$2to make sure they contain only printable characters and are a reasonable length, like under 1000 characters, before sending them off to your mail system.That's not too difficult to do, and it prevents you from getting hit from some unknown exploit.
One of the things I like about Perl is the taint mode that prevents you from doing things like this unless you've cleaned up the data first.
shell 脚本本身是相当安全的。邮件中最容易受到攻击的部分是标头,并且您不允许邮件发件人更改其中的任何内容。
我在脚本中看到的唯一方法是有人可以在一行上传递一个点,这会提前结束邮件。并且可能存在使用 uuencode 嵌入附件的情况,如下所示:
我担心
.procmailrc中的行,因为我不知道引用规则。这可能是攻击者可以注入代码的地方,因此您需要查找手册中的规则并对其进行测试以确保安全。您应该测试的一些字符包括$、"、\、换行符。The shell script in itself is pretty safe. The most vulnerable part of a mail is the header, and you don't allow the mail sender to change anything in it.
The only way I see in the script is that someone could pass a dot on a single line, which would end the mail prematurely. And there may be the case of embedding attachments using uuencode like this:
I'm worried about the line in the
.procmailrc, since I don't know the quoting rules. This might be a point where an attacker could inject code, so you need to look up the rules in the manual and test them to be sure. Some characters you should test are$,",\, newlines.