Reputation: 2506
Execute any command-line shell like into execve
In case this is helpful, here's my environment: debian 8, gcc (with std = gnu99).
I am facing the following situation: In my C program, I get a string (char* via a socket). This string represents a bash command to execute (like 'ls ls'). This command can be any bash, as it may be complex (pipelines, lists, compound commands, coprocesses, shell function definitions ...). I can not use system or popen to execute this command, so I use currently execve.
My concern is that I have to "filter" certain command. For example, for the rm command, I can apply it only on the "/home/test/" directory. All other destinations is prohibited.
So I have to prevent the command "rm -r /" but also "ls ls && rm -r /". So I have to parse the command line that is given me, to find all the command and apply filters on them.
And that's when I'm begin to be really lost.
The command can be of any complexity, so if I want to make pipelines (execve execute a command at a time) or if I want to find all commands for applying my filters, I'll have to develop parser identical to that of sh.
I do not like creating the wheel again, especially if I make it square. So I wonder if there is a feature in the C library (or that of gnu) for that.
I have heard of wordexp, but I do not see how manage pipelines, redirection or other (in fact, this does not seem made for this) and i do not see how can I retrieve all the command inside the commande.
I read the man of sh(1) to see if I can use it to "parse" but not execute a command, but so far, I find nothing.
Do I need to code a parser from the beginning?
Thank for your reading, and I apologies for my bad english : it's not my motherlanguage (thanks google translate ...).
Upvotes: 0
Views: 741
Answers (1)
Reputation: 1
Your problem:
I am facing the following situation: In my C program, I get a string (char* via a socket). This string represents a bash command to execute (like 'ls ls'). This command can be any bash, as it may be complex (pipelines, lists, compound commands, coprocesses, shell function definitions ...).
How do you plan on authenticating who is at the other end of the socket connection?
You need to implement a command parser, with security considerations? Apparently to run commands remotely, as implied by "I get a string (char* via a socket)"?
The real solution:
How to set up SSH without passwords
Your aim
You want to use Linux and OpenSSH to automate your tasks. Therefore you need an automatic login from host A / user a to Host B / user b. You don't want to enter any passwords, because you want to call ssh from a within a shell script.
Seriously.
That's how you solve this problem:
I receive on a socket a string that is a shell command and I have to execute it. But before execute it, i have to ensure that there is not a command in conflict with all the rules (like 'rm only inside this directory, etc etc). For executing the command, I can't use system or popen (I use execve). The rest is up to me.
Given
And that's when I'm begin to be really lost.
Because what you're being asked to do is implement security features and command parsing. Go look at the amount of code in SSH and bash.
Your OS comes with security features. SSH does authentication.
Don't try to reinvent those. You won't do it well - no one can. Look how long it's taken for bash and SSH to get where they are security-wise. (Hint: it's decades because there's literally decades of history and knowledge that were built into bash and SSH when they were first coded...)
Upvotes: 0
Related Questions
- Using execv (C language) to run commands from a linux command prompt
- Execute reverse shell using execve()
- execve on linux, execute from arguments
- Execute shell program with execv
- Call Unix external commands with arguments
- using execv instead of execl in linux
- Execve invoking
- How can I exec either a shell script or an executable?
- execute shell command (c)
- Making a executable into a shell command using a C program