From 8cd268317ff55c6d63f3b98f046f0bf0847c8d85 Mon Sep 17 00:00:00 2001 From: DTB Date: Fri, 15 Dec 2023 19:39:18 -0700 Subject: [PATCH] more security information in man page, -t option (thanks silt) --- peek/peek.1 | 18 +++++++++++++++--- peek/peek.c | 13 ++++++++++--- 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/peek/peek.1 b/peek/peek.1 index 9745d4d..865f7ec 100644 --- a/peek/peek.1 +++ b/peek/peek.1 @@ -43,6 +43,10 @@ The .B -p option is provided as a convenience and to avoid potential insecure programmer error in scripts. +.PP +The +.B -t +option makes peek exit if not run in a terminal. .SH DIAGNOSTICS @@ -51,13 +55,21 @@ sysexits(3) if it encounters an error. .SH BUGS -Accepting secrets in shell scripts is not adviseable. +Accepting secrets in shell scripts is not adviseable in any context. .PP The user's environment passed through to the program used with the .B -p option and their PATH environment variable is used to locate the program. If used in a safety-critical application it must be ensured that the -environment with which peek is used is not compromised. +environment with which peek is used is not compromised. For example, using +POSIX env(1) to set a known, safe PATH, and htpasswd(1) from Apache's utilities +package to hash the input with bcrypt: +.PP +.R env -i PATH=/usr/bin peek -1p htpasswd -nBi '' | cut -d : -f 2 +.PP +On systems that support it, the ioctl(2) command TIOCSTI can be used to insert +characters into the standard input going to peek. This doesn't allow snooping +but can be used for general mischief. .SH COPYRIGHT @@ -65,4 +77,4 @@ Public domain. .SH SEE ALSO -env(1), read(1), sh(1) +env(1), ioctl(2), ioctl_tty(2), read(1), sh(1) diff --git a/peek/peek.c b/peek/peek.c index 18eb997..dad45e7 100644 --- a/peek/peek.c +++ b/peek/peek.c @@ -6,8 +6,9 @@ # include #endif #include /* tcgetattr(3), tcsetattr(3), struct termios, ECHO */ -#include /* dup(2), execvp(3), fork(2), getopt(3), pipe(2), - * write(2), STDERR_FILENO, STDOUT_FILENO */ +#include /* dup(2), execvp(3), fork(2), getopt(3), isatty(3), + * pipe(2), write(2), STDERR_FILENO, STDIN_FILENO, + * STDOUT_FILENO */ static char *program_name = "peek"; @@ -30,7 +31,7 @@ int main(int argc, char *argv[]){ eof = EOF; include_eof = 0; - while((c = getopt(argc, argv, "1enop")) != -1) + while((c = getopt(argc, argv, "1enopt")) != -1) switch(c){ case '1': eof = '\n'; break; case 'n': include_eof = 1; break; @@ -42,6 +43,12 @@ int main(int argc, char *argv[]){ else outputs[2] = p[1]; break; + case 't': + if(isatty(STDIN_FILENO) != 1){ + fprintf(stderr, "%s: Must be run in a terminal" + " (option -t specified)\n", argv[0]); + return EX_USAGE; + } default: goto usage; }