Wednesday, 10 December 2008

Adding verification to a script

In the dd example the other day, the output file was written without checking whether it already exists. The following is an example of how you can add a small amount of script to verify that you are not overwriting an existing file:

# Ask before overwriting an existing output file
if [ -f "$FILE" ]
then
    echo "The file [$FILE] that you are seeking to write already exists"
    # printf leaves the cursor on the prompt line in every shell
    printf "Do you want to overwrite the existing file? ( y/n ) : "
    read RESPONSE
    if [ "$RESPONSE" = "n" ] || [ "$RESPONSE" = "N" ]
    then
        echo "The file will not be overwritten and the process will abort!"
        exit 1
    fi
fi

It is also a good idea to use full paths in a script. Users can change the path variables (such as PATH) in their environment, and unless you set these yourself (either explicitly or by adding a profile for the script to use), an attacker could cause a system script to run their own binary.
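One way to apply this advice, as an added example rather than code from the original post: the script pins PATH, names dd by full path (the location is an assumption), and a hypothetical audit_path helper reports search-path entries that should not be trusted.

```shell
#!/bin/sh
# Pin the search path before anything else runs, so a PATH inherited
# from the caller is never used to locate binaries.
PATH=/usr/bin:/bin
export PATH

# Call tools by full path as well. This location is an assumption;
# adjust it for the system the script is deployed on.
DD=/bin/dd

# audit_path STRING: check a PATH-style string (hypothetical helper).
# Prints each unsafe entry and returns 1 if any was found:
#   - empty entry or ".", which both mean the current directory
#   - relative entry, which depends on where the script is started
#   - directory writable by group or others
audit_path() {
    ap_bad=0
    # A leading, trailing or doubled ":" is an empty entry.
    case ":$1:" in
        *::*) echo "unsafe: empty entry (current directory)"; ap_bad=1 ;;
    esac
    ap_ifs=$IFS
    IFS=:
    set -f                      # no globbing while splitting on ":"
    for ap_dir in $1; do
        case $ap_dir in
            "") continue ;;
            /*) ;;
            *)  echo "unsafe: relative entry '$ap_dir'"; ap_bad=1; continue ;;
        esac
        [ -d "$ap_dir" ] || continue
        # "dir/." looks through symlinks such as /bin -> usr/bin.
        ap_mode=$(ls -ld "$ap_dir/.")
        case $ap_mode in
            ?????w*|????????w*)
                echo "unsafe: '$ap_dir' is writable by group or others"
                ap_bad=1 ;;
        esac
    done
    set +f
    IFS=$ap_ifs
    return $ap_bad
}
```

Running `audit_path "$PATH"` at the top of a script before the explicit assignment shows what the caller's environment would otherwise have supplied.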

More on this another time.
