0

If I have a script which on some conditions just do 

echo "rm -rf *"

Can it be exploited in some way?

EDIT: the goal is to write an enumeration script which will eventually suggests a command to execute to privilege escalate. So rm -rf is not the most appropriate example. A better example: imagine that the script finds "find" command in sudo -l list then the script will output

"find . -exec /bin/sh \; -quit"
Maicake
  • 497
  • 1
  • 3
  • 13
  • Beyond the immediate that having `rm -rf *` in a script is generally a bad idea, as the results could potentially be calamitous, if you forget one day and change the access permissions of the file for some reason and open it up to all users, then anyone could run that. –  May 31 '19 at 10:59
  • @Ian While write permissions for an executable script can be dangerous, I think this is out-of-scope for this question. –  May 31 '19 at 10:59
  • Fair comment, was just thinking of further use cases. –  May 31 '19 at 11:00
  • @Ian The bane of all InfoSec professionals :D –  May 31 '19 at 11:19
  • I can't really put a good finger on why this is wrong, but it just feels wrong. I don't think it can really be exploited, but I'd say there's a potential for "accidents" by someone miss-using your script, or miss-understanding it. – Steve Sether May 31 '19 at 21:03

2 Answers2

2

As mentioned here:

You could pipe your command into a shell so it gets executed:

Or you could pass it as an argument to a shell:

Or you could use the bash built-in eval:

Even if your script contains several lines, including echo "rm -rf", it would be trivial to cat it and extract that line, and then apply the above mentioned tricks to wipe everything.

A. Darwin
  • 3,562
  • 2
  • 15
  • 26
1

If this is all you do, then you are safe, as long as you never forget the echo.

As a suggestion, let ShellCheck run over your script, just to make sure you didn't do anything bad.