more security information in man page, -t option (thanks silt)
parent
e7f886a40a
commit
8cd268317f
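--- a/peek/peek.1
+++ b/peek/peek.1
@@ -43,6 +43,10 @@ The
 .B -p
 option is provided as a convenience and to avoid potential insecure programmer
 error in scripts.
+.PP
+The
+.B -t
+option makes peek exit if not run in a terminal.
 
 .SH DIAGNOSTICS
 
@@ -51,13 +55,21 @@ sysexits(3) if it encounters an error.
 
 .SH BUGS
 
-Accepting secrets in shell scripts is not adviseable.
+Accepting secrets in shell scripts is not adviseable in any context.
 .PP
 The user's environment passed through to the program used with the
 .B -p
 option and their PATH environment variable is used to locate the program.
 If used in a safety-critical application it must be ensured that the
-environment with which peek is used is not compromised.
+environment with which peek is used is not compromised. For example, using
+POSIX env(1) to set a known, safe PATH, and htpasswd(1) from Apache's utilities
+package to hash the input with bcrypt:
+.PP
+.R env -i PATH=/usr/bin peek -1p htpasswd -nBi '' | cut -d : -f 2
+.PP
+On systems that support it, the ioctl(2) command TIOCSTI can be used to insert
+characters into the standard input going to peek. This doesn't allow snooping
+but can be used for general mischief.
 
 .SH COPYRIGHT
 
@@ -65,4 +77,4 @@ Public domain.
 
 .SH SEE ALSO
 
-env(1), read(1), sh(1)
+env(1), ioctl(2), ioctl_tty(2), read(1), sh(1)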
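--- a/peek/peek.c
+++ b/peek/peek.c
@@ -6,8 +6,9 @@
 # include <sysexits.h>
 #endif
 #include <termios.h> /* tcgetattr(3), tcsetattr(3), struct termios, ECHO */
-#include <unistd.h> /* dup(2), execvp(3), fork(2), getopt(3), pipe(2),
-* write(2), STDERR_FILENO, STDOUT_FILENO */
+#include <unistd.h> /* dup(2), execvp(3), fork(2), getopt(3), isatty(3),
+* pipe(2), write(2), STDERR_FILENO, STDIN_FILENO,
+* STDOUT_FILENO */
 
 static char *program_name = "peek";
 
@@ -30,7 +31,7 @@ int main(int argc, char *argv[]){
 
 eof = EOF;
 include_eof = 0;
-while((c = getopt(argc, argv, "1enop")) != -1)
+while((c = getopt(argc, argv, "1enopt")) != -1)
 switch(c){
 case '1': eof = '\n'; break;
 case 'n': include_eof = 1; break;
@@ -42,6 +43,12 @@ int main(int argc, char *argv[]){
 else
 outputs[2] = p[1];
 break;
+case 't':
+if(isatty(STDIN_FILENO) != 1){
+fprintf(stderr, "%s: Must be run in a terminal"
+" (option -t specified)\n", argv[0]);
+return EX_USAGE;
+}
 default: goto usage;
 }
 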
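Review bot: The new `case 't':` in the third hunk has no `break;` after the `isatty()` check, so when standard input is a terminal control falls through into `default: goto usage;` and peek presumably prints its usage text and exits instead of going on to read input. As written `-t` therefore appears to stop peek in both cases: it fails closed, but the option cannot be used for its stated purpose. Add `break;` after the closing `}` of the `if`, before `default:`. The error message also prints `argv[0]` although the file declares `program_name`; it should use whichever of the two the rest of main() uses for its diagnostics. main() starts and ends outside the hunk, so the `usage` label itself is not visible here.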