Collaborate Disseminate
If $1 contains untrusted user input for example $(whoami). Are any of the following bash examples vulnerable to command injection?
I’m having issues clearly understanding this behavior in Bash. Also, I have issues with echo -n "$1&quo… Continue reading Are these bash lines (handling untrusted user input) vulnerable to command injection?
tldr: is using a script spawned by my main process, which reads only a chunk of a sensitive file then passing the result to my main process – of any benefit?
in contrast to loading the file in my main process?
background:
I’m building my … Continue reading benefit to reading sensitive file chunks via a "middleman" shell script?
Lisp is one of those programming languages that seems to keep taunting us for not learning it properly. It is still used for teaching functional languages today. [Adam McDaniel] has …read more Continue reading Get Your Lisp On With The Dune Shell
One of the most universal experiences of any Linux or Unix user is working through a guide or handbook and coming across an almost unbelievably complex line of code meant …read more Continue reading Blowing Up Shell Scripts
I’m reviewing code which apparently ignores all security standards but doesn’t seem to be exploitable due to its peculiar construction. The first stage is a Java Spring application and the name parameter is fully user-controlled.
String cm… Continue reading Is this code vulnerable to injection?
Bash is great for automating little tasks, but sometimes a little script you think will take a minute to write turns into a half hour or more. This is the …read more Continue reading Linux Fu: Failing Pipelines
This week Jonathan Bennett and Dan Lynch chat with Paweł Karaś about Amber, a modern scripting language that compiles into a Bash script. Want to write scripts with built-in error …read more Continue reading FLOSS Weekly Episode 790: Better Bash Scripting with Amber
Markdown has become an extremely popular way to document source code and other projects, thanks in no small part to how well web-based services like GitHub render it. Just sprinkle …read more Continue reading Preview Markdown in the Terminal with Bash
I was working on a CTF challenge that involved a setuid-enabled binary, ‘/usr/bin/python’ where the owner is ‘root’. The user I assumed was "www-data", with UID=33. The goal was to create a bash shell that had RUID=EUID=0 by runn… Continue reading Python os.system() does not change EUID to 0, but os.execl() does, why? [duplicate]
It certainly isn’t a new idea to compile a language into an intermediate language. The original C++ compiler outputs C code, for example. Enhanced versions of Fortran were often just …read more Continue reading Amber Compiles to Bash