changeset 539:7b9a87c560ef draft

peer2anonet: Sun Jul 10 08:13:17 CDT 2011 - d3v1150m471c * security checks changed to check acceptable data and exits showing offending info for violating data detections.
author d3v1150m471c <d3v11@d3v1150m471c.ano>
date Sun, 10 Jul 2011 08:14:52 -0500
parents 3247a742e3f8
children 3e16925cf138
files contrib/peer2anonet/README contrib/peer2anonet/peer2anonet
diffstat 2 files changed, 24 insertions(+), 53 deletions(-) [+]
--- a/contrib/peer2anonet/README	Sun Jul 10 07:26:48 2011 -0500
+++ b/contrib/peer2anonet/README	Sun Jul 10 08:14:52 2011 -0500
@@ -103,4 +103,10 @@
       Sun Jul 10 07:25:42 CDT 2011 - d3v1150m471c
       * security checks, whitespace removed after some data
 
+      Sun Jul 10 08:13:17 CDT 2011 - d3v1150m471c
+      * security checks changed to check acceptable data and exits
+        showing offending info for violating data detections.
+
+
+
       
--- a/contrib/peer2anonet/peer2anonet	Sun Jul 10 07:26:48 2011 -0500
+++ b/contrib/peer2anonet/peer2anonet	Sun Jul 10 08:14:52 2011 -0500
@@ -44,60 +44,25 @@
 TEST[4]=$YOURPORT; TEST[5]=$YOURASN; TEST[6]=$REMOTEIP; TEST[7]=$PEERIP
                    TEST[8]=$PEERPORT; TEST[9]=$PEERASN
 
-SECURE() {
-          echo "peer2anonet: error: possible malicious code detected"
-          echo "offending data: $CHECK"
-          exit 1
-         }
-          
+if [[ $(echo ${TEST[0]} | tr -d 'a-zA-Z0-9._-' | wc -c) -gt 1 ]]; then
+ echo "peer2anonet: fatal error: unacceptable data: ${TEST[0]}
+"
+ exit 1
+fi
+     
+for((X=1;X<=8;X++)); do
+if [[ $(echo ${TEST[$X]} | tr -d '0-9.' | wc -c) -gt 1 ]]; then
+ echo "peer2anonet: fatal error: unacceptable data: ${TEST[$X]}
+"
+ exit 1
+fi
+done
 
-for CHECK in ${TEST[@]}; do
-[[ $CHECK == *'rm'* ]] && SECURE
-[[ $CHECK == *'mail'* ]] && SECURE
-[[ $CHECK == *'cp'* ]] && SECURE
-[[ $CHECK == *'mv'* ]] && SECURE
-[[ $CHECK == *'ipconfig'* ]] && SECURE
-[[ $CHECK == *'iwconfig'* ]] && SECURE
-[[ $CHECK == *'ping'* ]] && SECURE
-[[ $CHECK == *'make'* ]] && SECURE
-[[ $CHECK == *'install'* ]] && SECURE
-[[ $CHECK == *'uninstall'* ]] && SECURE
-[[ $CHECK == *'map'* ]] && SECURE
-[[ $CHECK == *'su'* ]] && SECURE
-[[ $CHECK == *'sudo'* ]] && SECURE
-[[ $CHECK == *'$'* ]] && SECURE
-[[ $CHECK == *'!'* ]] && SECURE
-[[ $CHECK == *'echo'* ]] && SECURE
-[[ $CHECK == *'netcat'* ]] && SECURE
-[[ $CHECK == *'id '* ]] && SECURE
-[[ $CHECK == *'source'* ]] && SECURE
-[[ $CHECK == *'alias '* ]] && SECURE
-[[ $CHECK == *'passwd'* ]] && SECURE
-[[ $CHECK == *'user'* ]] && SECURE
-[[ $CHECK == *'bash'* ]] && SECURE
-[[ $CHECK == *'ls '* ]] && SECURE
-[[ $CHECK == *'ssh'* ]] && SECURE
-[[ $CHECK == *'nc '* ]] && SECURE
-[[ $CHECK == *'telnet'* ]] && SECURE
-[[ $CHECK == *'rdesktop'* ]] && SECURE
-[[ $CHECK == *'iptables'* ]] && SECURE
-[[ $CHECK == *'}'* ]] && SECURE
-[[ $CHECK == *'{'* ]] && SECURE
-[[ $CHECK == *'['* ]] && SECURE
-[[ $CHECK == *']'* ]] && SECURE
-[[ $CHECK == *'('* ]] && SECURE
-[[ $CHECK == *')'* ]] && SECURE
-[[ $CHECK == *'exec'* ]] && SECURE
-[[ $CHECK == *'dash'* ]] && SECURE
-[[ $CHECK == *'perl'* ]] && SECURE
-[[ $CHECK == *'python'* ]] && SECURE
-[[ $CHECK == *'netstat'* ]] && SECURE
-[[ $CHECK == *'sockstat'* ]] && SECURE
-[[ $CHECK == *'>'* ]] && SECURE
-[[ $CHECK == *'<'* ]] && SECURE
-[[ $CHECK == *'/'* ]] && SECURE
-[[ $CHECK == *'kill'* ]] && SECURE
-done
+if [[ $(echo ${TEST[9]} | tr -d 'a-zA-Z0-9' | wc -c) -gt 1 ]]; then
+ echo "peer2anonet: fatal error: unacceptable data: ${TEST[9]}
+"
+ exit 1
+fi
 
 #########################################################################
 # We need to check if base files need to be imported to services for bird:
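Review bot: The three new allow-list checks expand `${TEST[...]}` unquoted inside `$(echo ... | tr -d ... | wc -c)`, so the value is word-split and glob-expanded before `tr` sees it. A field containing `*` or `?` is then validated against whatever filenames it matches in the working directory, and a value such as `-n` is swallowed by `echo` as an option and counts as clean. Matching the variable directly avoids both problems, e.g. `if [[ ${TEST[0]} == *[!a-zA-Z0-9._-]* ]]; then`, with `*[!0-9.]*` in the loop and `*[!a-zA-Z0-9]*` for `TEST[9]`. The loop also restricts `TEST[5]` (`$YOURASN`) to digits and dots while `TEST[9]` (`$PEERASN`) may contain letters, which looks inconsistent and is worth confirming; the assignments for `TEST[0]` to `TEST[3]` are outside the hunk, so their intended formats cannot be checked here. An empty field passes all three checks because `wc -c` returns 1 for the bare newline, and the error text would be better sent to stderr with `>&2`.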