perl -> ssh?
Robert L. Harris
Robert.L.Harris at rdlg.net
Mon Sep 10 18:09:27 CDT 2001
I thought about the race condition and that's one of the reasons I didn't
want to scp the files around or put anything on disk.
Thus spake John Evans (evansj at kilnar.com):
> On Mon, 10 Sep 2001, Robert L. Harris wrote:
>
> > I'm working on a script and in the pre-planning process hit some walls.
> > I can do a "ssh $host cat /etc/hosts" and read the input into an array. I
> > then want to modify the array and write /etc/hosts back out on $host.
> >
> > What's a good way to do this?
> >
> > print @Array `ssh host > /etc/hosts` doesn't seem a good idea or to work
> > for that matter.
>
> If you have ssh, then you most likely have scp as well. I would read the
> file, make your changes, save file to a temp spot (in a place other than
> /tmp) and then scp the file to the server. Make sure that the tmp file
> that you create is NOT world writeable. If it is, then you end up with a
> nasty race condition:
>
> 1) You write file.
> 2) Hacker makes changes to file (or copies his own file in place)
> 3) You scp the file out to the server.
> 4) Hacker now has what he wants on the server.
>
> Granted, modifying the hosts file is not the most dastardly thing that a
> hacker can do, but it's definitely not a good thing since they can change
> your loghost and start stealing your logs, which they can then use that
> ability to cover their tracks for future hack attempts.
>
> --
> John Evans
> http://evansj.kilnar.com/
:wq!
---------------------------------------------------------------------------
Robert L. Harris | Micros~1 :
Senior System Engineer | For when quality, reliability
at RnD Consulting | and security just aren't
\_ that important!
DISCLAIMER:
These are MY OPINIONS ALONE. I speak for no-one else.
FYI:
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
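
One way to do what the thread asks without a local temp file, as an added example that is not code from either poster: read the file through an ssh pipe, edit it in memory, and stream it back to a new file beside the target before renaming it. The names `remote_pipe` and `update_file`, the `.new` suffix and the `['sh', '-c']` stand-in for `['ssh', $host]` are assumptions made so the demo runs offline on constructed data.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Open a pipe to a shell command on the target. List-form open: no local shell.
# Real use: $via = ['ssh', $host]. Offline demo: ['sh', '-c'] runs it locally.
sub remote_pipe {
    my ($mode, $via, $cmd) = @_;
    open(my $fh, $mode, @$via, $cmd) or die "cannot start @$via: $!";
    return $fh;
}

sub update_file {
    my ($via, $path, $edit) = @_;

    # Read the current contents straight into memory.
    my $in = remote_pipe('-|', $via, "cat '$path'");
    my @lines = <$in>;
    close($in) or die "read failed, exit " . ($? >> 8);

    @lines = $edit->(@lines);
    my $n = grep { /\n\z/ } @lines;

    # Write beside the target (a directory only its owner can write), verify
    # the line count so a dropped connection cannot install a truncated file,
    # then rename into place.
    my $new = "$path.new";
    my $cmd = "umask 022; cat > '$new' && "
            . "[ \$(wc -l < '$new') -eq $n ] && mv '$new' '$path'";
    my $out = remote_pipe('|-', $via, $cmd);
    print {$out} @lines;
    close($out) or die "write failed, exit " . ($? >> 8);
    return $n;
}

# Demo on constructed data: a private temp directory stands in for /etc.
my $dir  = tempdir(CLEANUP => 1);
my $path = "$dir/hosts";
open(my $seed, '>', $path) or die "seed: $!";
print {$seed} "127.0.0.1 localhost\n10.0.0.5 loghost\n";
close($seed);

my $count = update_file(['sh', '-c'], $path, sub {
    my @l = @_;
    s/^10\.0\.0\.5\s/10.0.0.9 / for @l;
    return @l;
});
print "wrote $count lines\n";
```

The modified data exists only in the script's memory and in the pipe until it lands in the target's own directory, so the window described in steps 1 to 3 of the quoted reply never opens on the local machine.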