Bash is a "Unix shell": a command-line interface for interacting with the operating system. It is widely available, being the default shell on many GNU/Linux distributions and on Mac OS X, with ports existing for many other systems. It was intended as a free software alternative to the Bourne shell, and it incorporates all features of that shell, as well as new features such as integer arithmetic and job control.
Questions tagged [bash-scripting]
11 questions
2 votes, 0 answers
Shell scripts scanning tools
It has become a common trend to use shell scripts from the web and directly run them:
bash <(curl -sL some.random.website.com)
I always view the scripts before running them. However, shell scripts are always more cryptic than reading a regular program.…
shivams
2 votes, 2 answers
Are alphanumeric strings safe to pass to a bash script?
I'm currently developing a web service that takes user input and passes it to a bash script as an argument.
I know that without sanitizing this allows for remote command execution. So I want to know if alphanumeric strings with hyphens are safe to…
limeeattack
1 vote, 1 answer
macapps.link - possible attack vector - could you pipe through some security script
I asked this at https://apple.stackexchange.com/questions/445343/macapps-link-possible-attack-vector-could-you-pipe-through-some-security-scr but I think this would be a more appropriate place.
A work colleague said she is using…
HankCa
1 vote, 2 answers
Are positional parameters vulnerable to command injection?
I am trying to find if the following shell script is vulnerable to command injection
#!/bin/sh
set -x
dig +noall +answer TXT $2._domainkey.$1
Now when I try something like this,
sh script.sh "sparkpost.com & echo \$(whoami)" "google"
(Note: the…
Krishnaraj
1 vote, 1 answer
Learn Bash or Powershell for Security Work?
Is Bash more commonly used in security work than PowerShell? If so, why? (Now that Powershell can be used on Linux)
I tried to Google around for an answer on this, and the only questions we seem to have here are quite different, e.g.:
What should I…
VSO
1 vote, 1 answer
sudo systemctl running a webserver a security risk?
On Linux AMI the only way to easily run systemctl for my server is by running
sudo systemctl start node
In the service:
/etc/systemd/system/node.service
sudo seems to be mandatory for the 'enable', 'status', 'start' and 'stop' systemctl commands…
user1709076
1 vote, 0 answers
For creating tools, Bash, Perl or Python? Which should I invest my time into?
Having trouble choosing between the three, I would of course love to learn all three in the future, but right now I'm curious as to which language would be the most beneficial to me.
Also, I'm aware that different tools might be more useful in…
s h a a n
0 votes, 1 answer
BASH vs SH (dash, etc.) in terms of security
Since I am new to Linux, when writing scripts I always followed the rule "the less code, the less attack surface", so I try to write scripts with privileged access (sudo, root, etc.) in sh and use fewer third-party programs (grep, sed, etc.).
But for…
NewLinux
0 votes, 1 answer
Creating a unique password for each device/unit of the same product
We are currently working on an IoT product & having a hard time coming up with a strategy to create a unique password for each device/unit.
I do understand that password based on a function of { serial number, CPU id, MAC address or timestamp } is…
Baranikumar Venkatesan
0 votes, 1 answer
Is it normal for shell scripts to contain binary data?
I ask because I've been looking into Miniconda (https://repo.anaconda.com/miniconda/Miniconda3-py39_4.9.2-Linux-x86_64.sh), and the installation shell script has TONS of binary data starting at line 577.
I ended up checking the shell script because…
TeknoBen
0 votes, 0 answers
Linux curl SH script broken unless I specify TLS version
I was going to post this on a different SE site, but I found that explicitly stating --tlsv1.1 to curl fixed the problem, for now. My question now relates to security.
A vendor switched to FTPS (not SSH FTP) recently. I've added --ssl and…
user208145