perl -> ssh?

Robert L. Harris Robert.L.Harris at rdlg.net
Mon Sep 10 18:09:27 CDT 2001 


I thought about the race condition and that's one of the reasons I didn't
want to scp the files around put anything on disk.

Thus spake John Evans (evansj at kilnar.com):

> On Mon, 10 Sep 2001, Robert L. Harris wrote:
> 
> >   I'm working on a script and in the pre-planning process hit some walls.
> > I can do a "ssh $host cat /etc/hosts" and read the input into an array.  I
> > then want to modify the array and write /etc/hosts back out on $host.
> >
> >   What's a good way to do this?
> >
> > print @Array `ssh host > /etc/hosts` doesn't seem a good idea or to work
> > for that matter.
> 
> If you have ssh, then you most likely have scp as well. I would read the
> file, make your changes, save file to a temp spot (in a place other than
> /tmp) and then scp the file to the server. Make sure that the tmp file
> that you create is NOT world writeable. If it is, then you end up with a
> nasty race condition:
> 
> 1) You write file.
> 2) Hacker makes changes to file (or copies his own file in place)
> 3) You scp the file out to the server.
> 4) Hacker now has what he wants on the server.
> 
> Granted, modifying the hosts file is not the most dasterdly thing that a
> hacker can do, but it's definately not a good thing since they can change
> your loghost and start stealing your logs, which they can then use that
> ability to cover their tracks for future hack attempts.
> 
> -- 
> John Evans
> http://evansj.kilnar.com/
> 
> -----BEGIN GEEK CODE BLOCK-----
> Version: 3.1
> GCS d- s++:- a- C+++>++++ ULSB++++$ P+++$ L++++$
> E--- W++ N+ o? K? w O- M V PS+ !PE Y+ PGP t(--) 5-- X++(+++)
> R+++ tv+ b+++(++++) DI+++ D++>+++ G+ e h--- r+++ y+++
> ------END GEEK CODE BLOCK------



:wq!
---------------------------------------------------------------------------
Robert L. Harris                |  Micros~1 :  
Senior System Engineer          |    For when quality, reliability 
  at RnD Consulting             |      and security just aren't
                                \_       that important!
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.
FYI:
 perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'

More information about the Pikes-peak-pm mailing list