Differences

howto:conffile [2010/02/23 17:50]
127.0.0.1 external edit
howto:conffile [2015/08/08 18:00] (current)
bill_thomson
Line 5: Line 5:
 ===== General ===== ===== General =====
  
-For this task, you don't have to write fat parser routines (unless you want it 100% secure or you want a special file syntax) - you can use Bash'​s ​source command. The file to be sourced should be formated in key="​value"​ format, otherwise bash will try to interpret commands:+For this task, you don't have to write large parser routines (unless you want it 100% secure or you want a special file syntax) - you can use the Bash source command. The file to be sourced should be formated in key="​value"​ format, otherwise bash will try to interpret commands:
  
 <​code>​ <​code>​
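Review bot: "formated" in the changed paragraph is misspelled in both revisions; it should be "formatted". The closing clause "otherwise bash will try to interpret commands" is the security-relevant statement of the paragraph, so consider making it explicit: any line in the sourced file that is not a plain key="value" assignment is executed by Bash, not merely rejected.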
Line 15: Line 15:
 </​code>​ </​code>​
  
-So, where do these variables come from? If everything works fine, they are defined in /​etc/​cool.cfg which is a file that's sourced into the current script or shell. Note that this is **not** the same as executing this file as a script!+So, where do these variables come from? If everything works fine, they are defined in /​etc/​cool.cfg which is a file that's sourced into the current script or shell. Notethis is **not** the same as executing this file as a script!
 The sourced file most likely contains something like: The sourced file most likely contains something like:
  
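Review bot: the new wording runs "Note" and "this" together ("Notethis"); the separating colon and space were lost in the edit. Suggest "Note: this is **not** the same as executing this file as a script!", since the distinction the sentence draws is that sourced lines run inside the current script or shell rather than in a separate process.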
Line 23: Line 23:
 </​code>​ </​code>​
  
-These are normal statements understood by Bash, nothing special ​to do. Of course (and that is a big disadvantage under normal circumstances) the sourced file can contain **everything** that Bash understands,​ including ​evil code!+These are normal statements understood by Bash, nothing special. Of course (anda big disadvantage under normal circumstances) the sourced file can contain **everything** that Bash understands,​ including ​malicious ​code!
  
 The ''​source''​ command also is available under the name ''​.''​ (dot). The usage of the dot is identical: The ''​source''​ command also is available under the name ''​.''​ (dot). The usage of the dot is identical:
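Review bot: "anda" in the new text is missing a space ("and a big disadvantage"). The replacement of "evil" with "malicious" is fine; the substantive claim, that the sourced file can contain everything Bash understands, is what the later "Secure it" section builds on, so it is worth keeping exactly as stated.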
Line 30: Line 30:
 #!/bin/bash #!/bin/bash
 echo "​Reading config...."​ >&2 echo "​Reading config...."​ >&2
-. /​etc/​cool.cfg+. /etc/cool.cfg #note the space between the dot and the leading slash of /etc.cfg
 echo "​Config for the username: $cool_username"​ >&2 echo "​Config for the username: $cool_username"​ >&2
 echo "​Config for the target host: $cool_host"​ >&2 echo "​Config for the target host: $cool_host"​ >&2
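Review bot: the comment added to the ". /etc/cool.cfg" line names the wrong file: it says "/etc.cfg" while the path on that line is "/etc/cool.cfg". The point of the comment is a genuine pitfall and worth keeping, so suggest "# note the space between the dot and /etc/cool.cfg: without it, ./etc/cool.cfg would be a relative path to execute, not a file to source".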
Line 37: Line 37:
 ===== Per-user configs ===== ===== Per-user configs =====
  
-There'​s also a way to provide a system-wide config file in /etc and a custom ​one in ~/ (user'​s home) to override ​some system-wide defaults. ​The user-specific config ​will only be used when present, in the following example:+There'​s also a way to provide a system-wide config file in /etc and a custom ​config ​in ~/​(user'​s home) to override system-wide defaults. ​In the following example, the if/then construct is used to check for the existance of a user-specific config:
  
 <​code>​ <​code>​
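Review bot: "existance" should be "existence", and the space before "(user's home)" was dropped in the edit, giving "~/(user's home)". Suggest "... and a custom config in ~/ (the user's home) to override system-wide defaults. In the following example, an if/then construct checks for the existence of a user-specific config:".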
Line 53: Line 53:
 ===== Secure it ===== ===== Secure it =====
  
-As mentioned earlier, the sourced file can contain ​everything, it's basically ​an included Bash script. That raises ​security issues, like the configuring ​person ​is able to "​execute"​ arbitrary code when your script is sourcing its config file. +As mentioned earlier, the sourced file can contain ​anything a Bash script can. Essentially, it **is** ​an included Bash script. That creates ​security issues. A malicicios ​person ​can "​execute"​ arbitrary code when your script is sourcing its config file. 
-You might want to only allow constructs in the form ''​NAME=VALUE''​ in that file (variable assignment syntax) and maybe comments (though, comments are technically ​unimportant, of course). +You might want to allow only constructs in the form ''​NAME=VALUE''​ in that file (variable assignment syntax) and maybe comments (though ​technically, comments are unimportant). 
-Imagine the following "​config file", containing some "​evil" ​code:+Imagine the following "​config file", containing some malicious ​code:
  
 <​code>​ <​code>​
-# cool config file for my even cooler script ​(eh?)+# cool config file for my even cooler script
 username=god_only_knows username=god_only_knows
 hostname=www.example.com hostname=www.example.com
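Review bot: "malicicios" in the first changed line should be "malicious". The rest of the rewrite is an improvement: "it **is** an included Bash script" states the risk more precisely than "basically an included Bash script". The quotation marks around "execute" can go as well, since the code in the sourced file really is executed when the script sources its config file.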
Line 69: Line 69:
 </​code>​ </​code>​
  
-I guess you don't want these ''​echo''​-commands (which could be any other commands!) to be executed. One way to be a bit safer is to filter only the constructs you want, write the filtered results to a new file and source the new file. Also, we need to be careful that someome ​hasn'​t ​tacked on something nefarious ​to the end of one of our name=value parameters, perhaps using ; or && command separators. In these cases, perhaps it is simplest to just ignore the line entirely. Egrep (''​grep -E''​) will help us here, it filters by description ​of how a line should look:+You don't want these ''​echo''​-commands (which could be any other commands!) to be executed. One way to be a bit safer is to filter only the constructs you want, write the filtered results to a new file and source the new file. We also need to be sure something nefarious ​hasn'​t ​been added to the end of one of our name=value parameters, perhaps using ; or && command separators. In those cases, perhaps it is simplest to just ignore the line entirely. Egrep (''​grep -E''​) will help us here, it filters by description:​
  
 <​code>​ <​code>​
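Review bot: the trimmed ending "it filters by description:" no longer says what is being described; the old text "by description of how a line should look" was clearer. Suggest "Egrep (''grep -E'') will help us here: it keeps only lines that match a pattern describing how a valid line should look:", which also fixes the comma splice after "here". The sentence about ";" or "&&" being tacked onto a name=value parameter is the right motivation for rejecting the whole line rather than trying to trim it, so keep that reasoning as written.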
Line 87: Line 87:
 source "​$configfile"​ source "​$configfile"​
 </​code>​ </​code>​
-**__To make clear what it does:​__** ​It checks if the file contains something we don't want, if yes, it filters ​it and writes the filtered contents to a new file. If done, it changes ​the name stored in the variable ''​configfile'' ​from the original name to the name of the secured fileThen, as usual, it sources the file named by that variable, if it is the original ​one or the secured one.+**__To make clear what it does:​__** ​egrep checks if the file contains something we don't want, if yes, egrep filters ​the file and writes the filtered contents to a new file. If done, the original file name is changed to the name stored in the variable ''​configfile''​. ​The file named by that variable ​is sourcedas if it were the original ​file.
  
-This filter ​only allows ''​NAME=VALUE''​ and comments in the file, though ​it doesn'​t prevent all methods of executing ​code. I will address that later.+This filter allows ​only ''​NAME=VALUE''​ and comments in the file, but it doesn'​t prevent all methods of code execution. I will address that later.
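Review bot: the rewritten explanation reverses what the code does. "the original file name is changed to the name stored in the variable ''configfile''" reads as if the original file were renamed, but the old wording had it right: the variable ''configfile'' is reassigned from the original name to the name of the secured file, and the "source "$configfile"" line in the hunk context then sources whichever file the variable names. Suggest: "If something is filtered out, the name of the secured file is stored in ''configfile''. Then, as usual, the file named by that variable is sourced, whether it is the original or the secured one." Also "sourcedas" is missing a space. In the last changed line, "it doesn't prevent all methods of code execution" is the key caveat about this filter; it is better stated here, next to the filter, than deferred entirely to "later".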