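I have a bash script that is launched via procmail. Procmail passes the Subject and From fields of the email to the bash script as arguments. Since these values aren't sanitized in any way, I'm trying to figure out whether there are any injection vulnerabilities in bash that someone could exploit and, if so, what I can do to protect against them. Here is some sample code to illustrate what's going on: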
#!/bin/bash
/usr/sbin/sendmail -t <<EOF
From: "myhost Administrator" <admin@myhost.example.com>
To: john_doe@gmail.com
Subject: An email subject
You've received a new email.
It has a subject of "$2"
It was sent from "$1".
EOF
This bash script will be called by procmail using a .procmailrc script like this:
:0
* ^From:\s*\/.*
{
FROM = "$MATCH"
}
:0
* ^Subject:\s*\/.*
{
SUBJECT = "$MATCH"
}
:0 c:
* ^To:.*@example.com
| /home/john_doe/examplescript.bash "$FROM" "$SUBJECT"
The two areas where I'm wondering about injection vulnerabilities are the instantiation of the script:
/home/john_doe/examplescript.bash "$FROM" "$SUBJECT"
and the use of the variables in the script.
/usr/sbin/sendmail -t <<EOF
From: "myhost Administrator" <admin@myhost.example.com>
To: john_doe@gmail.com
Subject: An email subject
You've received a new email.
It has a subject of "$2"
It was sent from "$1".
EOF
If you're curious, here is the actual use case that brought this question to mind
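Added example, not part of the original question: a small harness that checks how the here-document from the script above treats its arguments. The function names (`render_notice`, `sanitize`, `expansion_is_inert`) are hypothetical, the sample values are constructed, and `cat` stands in for `/usr/sbin/sendmail -t` so it runs offline.

```shell
#!/bin/bash
# Added example; every sample value in this file is constructed.

# render_notice FROM SUBJECT
# Same here-document text as the script on this page, written to stdout
# instead of being piped to /usr/sbin/sendmail -t.
render_notice() {
cat <<EOF
From: "myhost Administrator" <admin@myhost.example.com>
To: john_doe@gmail.com
Subject: An email subject
You've received a new email.
It has a subject of "$2"
It was sent from "$1".
EOF
}

# sanitize VALUE (hypothetical helper)
# Deletes control characters (CR, LF, TAB, ESC, ...) so the value stays on a
# single line and cannot add lines of its own to the generated message.
sanitize() {
    printf '%s' "$1" | tr -d '[:cntrl:]'
}

# expansion_is_inert
# Passes an argument that contains command-substitution syntax and returns 0
# only if (a) the marker file was never created and (b) the syntax shows up
# in the output as plain text. The shell expands "$2" once and does not
# re-scan the expanded text for further substitutions.
expansion_is_inert() {
    marker="${TMPDIR:-/tmp}/heredoc_probe.$$"
    rm -f "$marker"
    out=$(render_notice 'a@b.example' "\$(touch $marker) \`touch $marker\`")
    [ ! -e "$marker" ] && printf '%s' "$out" | grep -qF "\$(touch $marker)"
}

if expansion_is_inert; then
    echo "argument text was copied into the message, not executed"
else
    echo "argument text was executed or altered"
fi
```

The check covers only the quoted `"$1"` / `"$2"` arguments and the here-document; it says nothing about how sendmail itself handles the resulting message.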