Comments (19)
No, it is not a good option for "positional parameters", please add this feature as soon as possible @intika
from shc.
@TJokiel solved here: https://github.com/Intika-Linux-Apps/SHC-Hardening/tree/master. I don't know if this will be merged.
from shc.
I can confirm this.
The mitigation is that cmdline only shows the first bytes of the script so you can add a lot of junk at the beginning to hide your code.
However, from what I've read, somebody can change the size of the cmdline contents by changing the kernel source code, recompiling it and executing the script.
from shc.
Has this bug been fixed yet?
from shc.
@Yokai-Seishinkage No... when it's fixed, this issue will be closed
from shc.
I am in kernel 4.4.0 and just checked it:
```
$ cat >test.sh
#! /bin/bash
#
while true
do
sleep 10
done
$ shc -U -f test.sh
$ sudo ./test.sh.x &
[3] 23741
$ cat /proc/23741/cmdline
sudo./test.sh.x
```
If you don't use the -U flag, then the cmdline will expose the script.
-U stands for Untraceable (the -T option was reversed and renamed to -U from shc-3.9.1).
from shc.
I am using Debian 9 (stretch) and kernel 4.9.
I followed the above procedure to compile a simple script with -U and -f.
When I run the script using sudo, the code is indeed hidden.
However, when I run it as a simple user without sudo, the code is revealed:
```
./test.sh.x &
cat /proc/30064/cmdline
./test.sh.x-c #!/bin/bash
#
while true
do
sleep 10
done
```
I also tested switching to user root with sudo su and then running it without sudo, and it was revealed as well.
Is this a known standing bug? Should I compile with other options?
from shc.
I'm on 4.4.0-97-generic, Ubuntu 16.04.
Summary:
- as normal user, can't run binary after adding -U, permission denied.
- as sudo, the script is hidden.
- as sudo su, the script is NOT hidden
```
$ ./shc -U -f abc.sh
$ ./abc.sh.x
./abc.sh.x: Operation not permitted
Killed
$ sudo ./abc.sh.x &
[1] 804
$ cat /proc/804/cmdline
sudo./abc.sh.x -----> hidden, fine.
$ sudo su
#./abc.sh.x &
[1] 841
#cat /proc/841/cmdline
./abc.sh.x-c
#! /bin/bash ------> not hidden.
while true
do
sleep 10
done
```
from shc.
This should be fixed in the last commit ... you need to use -H (Hardening) flag
from shc.
'cat /proc/[pid]/cmdline' issue is covered in latest shc version but still you could reveal all script code with simple 'ps auxww' command even if you use the '-H' flag.
from shc.
Are you sure about that 'ps auxww'? I cannot get the script revealed with that.
from shc.
Yes. I'm running the script as root and this is the 'ps auxww' output:
```
root 9109 0.0 0.0 4348 804 pts/4 S 22:38 0:00 ./test.sh.x
root 9110 0.0 0.0 4348 88 pts/4 S 22:38 0:00 ./test.sh.x
root 9111 0.0 0.0 11372 2932 pts/4 S 22:38 0:00 sh -c #! /bin/bash while true do sleep 10 done
root 10286 0.0 0.0 6004 816 pts/4 S 22:38 0:00 sleep 10
root 10521 0.0 0.0 13000 2420 pts/4 R+ 22:38 0:00 ps aux
```
from shc.
Indeed, confirmed. I will look at this when I have the time. Nice finding, by the way!
from shc.
I opened an issue about it here: #69
from shc.
issue still exists in original version and in "solved" version
"https://github.com/Intika-Linux-Apps/SHC-Hardening/tree/master"
ps aux|grep script.sh.c.x shows code.
I'm on Linux 4.4.0-138-generic x86_64
from shc.
@felix303 with the solved version, with what parameter did you build your sh script?
from shc.
just checked with "shc -H -f script.sh -o whatever" it's protected it does not leak... just try again with '-H' or '-U' ...
If you have further issue, please post the complete steps you are doing
from shc.
Also, this has been merged (I don't know if it's on release, but it's merged...)
from shc.
It worked with "-H" !!! Thanks @intika
from shc.
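A pre-release check for the leak discussed in this thread, added here as an example (not code from the thread or from shc): it walks a process tree through /proc and reports any PID whose argv contains a canary line placed in the script. The `sh -c` launch is a constructed stand-in for the `sh -c #! /bin/bash ...` child shown in the `ps auxww` output above, the stdin launch is only a control for the check, and the function names and canary value are assumptions.

```shell
#!/bin/sh
# Added example: does any process under ROOT expose a canary string in its argv?
MARKER=CANARY_7f3a                      # constructed canary, not from the thread
SCRIPT='#! /bin/sh
# CANARY_7f3a
while true
do
sleep 1
done'

# argv of PID on one line (NUL separators and newlines become spaces)
cmdline_of() {
    [ -r "/proc/$1/cmdline" ] || return 1
    tr '\000\n' '  ' < "/proc/$1/cmdline"
}

# direct children of PID, found through the PPid field of /proc/*/status
children_of() {
    for d in /proc/[0-9]*; do
        ppid=$(awk '/^PPid:/ {print $2}' "$d/status" 2>/dev/null) || continue
        [ "$ppid" = "$1" ] && echo "${d#/proc/}"
    done
    return 0
}

# PID followed by all of its descendants
tree_of() {
    echo "$1"
    for c in $(children_of "$1"); do tree_of "$c"; done
}

# print every PID under ROOT whose argv contains MARKER; exit 0 only if one does
leaking_pids() {
    found=1
    for p in $(tree_of "$1"); do
        case "$(cmdline_of "$p")" in *"$2"*) echo "$p"; found=0 ;; esac
    done
    return "$found"
}

# launch the constructed script as "sh -c SCRIPT" (argv) or piped to sh (stdin control)
run_and_check() {
    case $1 in
        argv)  sh -c "$SCRIPT" >/dev/null 2>&1 & ;;
        stdin) printf '%s\n' "$SCRIPT" | sh >/dev/null 2>&1 & ;;
    esac
    pid=$!
    sleep 1                             # let the child exec before reading /proc
    rc=0; leaking_pids "$pid" "$MARKER" || rc=$?
    kill "$pid" 2>/dev/null || true; wait "$pid" 2>/dev/null || true
    return "$rc"
}
```

To test a real build, put a canary comment in the script, compile it with the flags under test (for example -U or -H), start the binary once as each kind of user reported above, and call `leaking_pids <pid> <canary>` on it.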