'Trap' command and security hole

Post by y. w » Wed, 28 Jul 1999 04:00:00



Hi,
We were HP-UX users before we migrated to an IBM F50 a few months ago.  In
the HP system, we used a shell script in the .profile to guide users
when they log in.  In the shell script, we put in a trap command to
prevent users from interrupting the program and getting into the '$' prompt;
the command is as follows:

trap 'stty 0; kill -9 0' 1 2 3 15

After porting to IBM, we discovered that the above command caused a
problem.  The problem is: if the process that the user was running
did not get disconnected gracefully (for example, the phone line
dropped in the case of remote users), the process would be hung and run
away. This wasted system resources and pulled down the system
performance a lot.  After changing the trap command to the following,
the problem vanished:

trap 1 2 3

But this has since opened a security hole in the system, as users could
actually break the system and get into the '$' prompt.

Any advice to solve this problem?  

Thanks in advance for your help.

Regards,
Y. Wei
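
Added example, not part of the original post: one way to keep the break keys blocked while still letting a hangup end the session, shown on a stand-in menu that signals itself. GUARD, MENU_BODY and menu_status are hypothetical names, and it is an assumption that a plain exit on hangup is enough on the poster's system.

```sh
#!/bin/sh
# Added example, not the poster's script. The stand-in menu sends itself a
# signal in place of a real keypress (INT, QUIT) or a dropped line (HUP).

# Signal policy for a login menu started from .profile:
#   INT (2), QUIT (3): ignored, so Ctrl-C / Ctrl-\ cannot end the menu early
#   HUP (1), TERM (15): exit at once instead of running 'kill -9 0'
GUARD='trap "" INT QUIT; trap "exit 129" HUP; trap "exit 143" TERM'

# Stand-in for the menu: signal itself with $1, then report if still alive.
MENU_BODY='kill -s "$1" $$; echo "menu still running after $1"'

# menu_status <guarded|unguarded> <signal>
# Runs the stand-in menu in a child shell and prints the child's exit status:
# 0 = the menu kept running, 128+N = it ended because of signal N.
menu_status() {
    if [ "$1" = guarded ]; then
        script="$GUARD; $MENU_BODY"
    else
        script=$MENU_BODY
    fi
    rc=0
    sh -c "$script" menu "$2" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

echo "unguarded INT  -> $(menu_status unguarded INT)"   # 130: break key ends the menu
echo "guarded   INT  -> $(menu_status guarded INT)"     # 0: ignored
echo "guarded   QUIT -> $(menu_status guarded QUIT)"    # 0: ignored
echo "guarded   HUP  -> $(menu_status guarded HUP)"     # 129: session ends
echo "guarded   TERM -> $(menu_status guarded TERM)"    # 143: session ends
```

Signals that were already ignored when the shell started cannot be trapped in a non-interactive shell, so run this from an ordinary terminal session rather than under nohup.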

 
 
 

1. ksh: trap '...' exit int ... or just trap '...' exit?

trap '...' exit int ...

int will cause the script to exit, so '...' gets run twice:


#!/bin/ksh

trap 'print a' exit int
sleep 10

^Ca
a

But the natural exit will always cause '...' to run,
which is often not desired.

So should we always write something like

trap 'print a' exit int
...
trap - exit
exit 0
?
--
Michael Wang
http://www.unixlabplus.com/
