About Archive Tags RSS Feed

 

Well, are you sure you're using that thing correctly?

31 October 2008 21:50

In response to the comments left on my previous entry about executable configuration files I've changed the way that tscreen works.

There is still support for using an arbitrary shell script or binary as a configuration file, but you must be explicit to enable it:

#
#  Load the dynamic section, if it exists.
#
if -x ~/.tscreen.dynamic  'source ~/.tscreen.dynamic|'

The change here is the trailing "|" on the argument to the source command:

source ~/foo/bar

Opens ~/foo/bar and parses the contents. (Assuming it exists.)

source ~/bin/blah|

Executes ~/bin/blah and parses the output. (Assuming it exists)

I still see no security risk with the previous setup, but I'm happy to apply a little misdirection if that makes people feel better.

ObFilm: Ghostbusters

Tags: security, tscreen | 4 comments

 

Comments on this entry

icon Marek at 11:45 on 31 October 2008
One accident which could happen that just came to mind: say you've copied your tscreen config to an SMB share, and then back off again, you might suddenly find it's gained x. Of course, no *real* UN*X sysadmin would do this, and I doubt a static tscreen config would execute! But I agree it might be better to have the safety catch of a | to stop kids shooting themselves in the foot.
icon Jonathan Wakely at 11:51 on 31 October 2008
How about checking the file owner and mode, as ssh does for the .ssh dir and authorized_keys file? If it's writable by anyone except you, refuse to execute it. That could still be done even if you have to explicitly-enable the feature with the trailing "|"
icon Steve Kemp at 12:17 on 31 October 2008

Checking ownership, and similar, are good things to think about for the future. But mostly I think that by making this explicit I've done "enough".

I could easily imagine a root owned /usr/local/bin/gen-screenrc script which was installed system-wide to handle a whole bunch of users and a simple uid test would fail to handle this.


icon Jonathan Wakely at 17:32 on 31 October 2008
Yes, I did think of that. It could be handled easily enough by making the user install a file with the right mode and permissions, containing nothing but ". /usr/local/bin/gen-screenrc" but as you say, your current solution is good enough.

 

Created by ephemeris.

© Steve Kemp