
I'm currently designing a solution where a security-sensitive device (located on IP X.X.X.X) will execute the command: socat -u tcp-l:9999,fork system:"touch /tmp/updatefile" &

A script will check for the existence of /tmp/updatefile, and when it exists, delete the file and then trigger a download from a trusted server when /tmp/updatefile is present.

The trusted server will use the command nc -z -w5 X.X.X.X 9999 to trigger a download.

Now to the question: Provided that the security-sensitive device is located on an unprotected wifi, it means that anyone could send packets to the security-sensitive device on port 9999.

This would cause the packet's content to be "piped into" touch on STDIN. Is this safe to do security-wise? Assume that the content of the packet coming into port 9999 could be malicious. My assumption is that anything sent to STDIN on touch is completely ignored and thrown away, and that it's not possible for a malicious attacker to "escape out" from touch using only STDIN. Am I correct?

I'm fully aware of the implications of DoS by flooding with :9999-packets which would cause the device to update every period instead of just when necessary, but that isn't a concern.

The download of the file from the trusted server over unprotected wifi isn't a concern either, as the file is signed & encrypted using both HMAC & AES, using pre-shared keys available on both the trusted server and the device.

sebastian nielsen
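
An added example (not part of the original post, and not its author's script) exercising the two pieces the question describes: bytes arriving on touch's stdin, and the watcher's check-and-delete step. The function names and the temporary directory are assumptions, and the symlink and ownership checks go beyond the post, since /tmp is writable by every local user.

```shell
#!/bin/sh
# Added example; function names and the temp directory are assumptions.
# The post's real flag path is /tmp/updatefile.

# Pipe shell-looking bytes (constructed sample) into touch on stdin, the way
# socat's system: address hands it network data, then print the flag's size.
touch_ignores_stdin() {
    dir=$1
    printf '%s\n' '; touch injected #' '$(touch injected)' |
        (cd "$dir" && touch updatefile)
    wc -c < "$dir/updatefile" | tr -d ' '
}

# Return 0 exactly once per trigger. /tmp is world-writable, so accept only a
# regular file owned by this user and never follow a symlink left at the path.
consume_trigger() {
    flag=$1
    [ -L "$flag" ] && return 1      # symlink: refuse
    [ -f "$flag" ] || return 1      # nothing pending, or not a regular file
    [ -O "$flag" ] || return 1      # created by some other local user
    rm -- "$flag" 2>/dev/null       # succeeds only if this call removed it
}

# Demo run in a private temp directory.
demo_dir=$(mktemp -d)
echo "flag size after hostile stdin: $(touch_ignores_stdin "$demo_dir") bytes"
consume_trigger "$demo_dir/updatefile" && echo "trigger consumed: start download"
consume_trigger "$demo_dir/updatefile" || echo "no trigger pending"
rm -rf "$demo_dir"
```

The command string given to system: is fixed, so the received bytes are only ever data on touch's stdin, which touch never reads; the flag file stays empty and no second file appears.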

0 Answers