1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
|
<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.1J.e">
<TITLE>The Answer Guy 41: How to Make a Shell Script "Unbreakable"</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
LINK="#3366FF" VLINK="#A000A0">
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<H4>"The Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<center>
<H1><A NAME="answer">
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
border="0" align="middle">
<font color="#B03060">The Answer Guy</font>
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
border="0" align="middle">
</A></H1>
<BR>
<H4>By James T. Dennis,
<a href="mailto:answerguy@ssc.com">answerguy@ssc.com</a><BR>
LinuxCare,
<A HREF="http://www.linuxcare.com/">http://www.linuxcare.com/</A>
</H4>
</center>
<p><hr><p>
<!-- endcut ======================================================= -->
<!-- begin 1 -->
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
height="50" width="60" alt="(?) " border="0"
>How to Make a Shell Script "Unbreakable"</H3>
<p><strong>From Nick Moffitt on Mon, 29 Mar 1999
</strong></p>
<!-- ::
How to Make a Shell Script "Unbreakable"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
How do I get a shell script to ignore ^C and ^Z?
</STRONG></P>
<P><em>
"The software is intended to be as unobtrusive, unintrusive and
unconstraining as possible. In software as elsewhere, good
engineering is whatever gets the job done without calling attention to
itself."
<br>-- Cynbe ru Taren, on Citadel (<A HREF="http://zork.net/cit/citadel.txt"
>http://zork.net/cit/citadel.txt</A>)
</em></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Well, with limitations you can do it with the
following:
</BLOCKQUOTE>
<BLOCKQUOTE><pre>
trap "" 2 20
</pre></BLOCKQUOTE>
<BLOCKQUOTE>
As in this simple script example:
</BLOCKQUOTE>
<blockquote><pre>#!/bin/bash
trap "" 2 20
while : ; do
echo -n .
sleep 1
done
</pre></blockquote>
<BLOCKQUOTE>
All I'm doing is setting the INTerrupt and terminal
stop signal handlers to a null string (to ignore
[Ctrl]+[C]) and [Ctrl]+[Z]).
</BLOCKQUOTE>
<BLOCKQUOTE>
The rest of the script just prints an endless stream
of dots at one second intervals to give you a chance
to play with the keyboard.
</BLOCKQUOTE>
<BLOCKQUOTE>
You see, your default terminal settings "cook" the
[Ctrl]-[C] into a <tt>SIGINT</tt> (generate a interrupt signal
to the foreground task) and [Ctrl]-[Z] to a <tt>SIGTSTP</tt>.
The default signal handlers for these "cancel/exit"
and "suspend" respectively.
</BLOCKQUOTE>
<BLOCKQUOTE>
This technique will also prevent '<tt>kill -INT</tt>' and
'<tt>kill -TSTP</tt>' from having their normal affect on
these processes.
</BLOCKQUOTE>
<BLOCKQUOTE>
You could also do something like this using
</BLOCKQUOTE>
<blockquote><pre> stty susp 0 intr 0
</pre></blockquote>
<BLOCKQUOTE>
... which merely changes the terminal settings so that
these keystrokes are no longer "cooked" into their
usual signals.
</BLOCKQUOTE>
<BLOCKQUOTE>
I believe that these tricks are inherently subject to
race conditions (there is a finite and "exploitable" amount
of time between the start of the script's execution and
the time that these commands have their effect.
</BLOCKQUOTE>
<BLOCKQUOTE>
So I think that they should not be used in any attempt to
provide security through some notion of an "unbreakable"
shell script.
</BLOCKQUOTE>
<!-- sig -->
<!-- end 1 -->
<!--startcut ======================================================= -->
<P> <hr> <P>
<H5 align="center"><a href="http://www.linuxgazette.com/ssc.copying.html"
>Copyright ©</a> 1999, James T. Dennis
<BR>Published in <I>The Linux Gazette</I> Issue 41 May 1999</H5>
<P> <hr> <P>
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
<TABLE WIDTH="96%"><TR VALIGN="center" ALIGN="center">
<TD ROWSPAN="1" COLSPAN="1" WIDTH="30%"><A HREF="../lg_answer41.html"
><IMG SRC="../../gx/dennis/answernew.gif"
ALT="[ Answer Guy Index ]"></A></td>
<TD WIDTH="10%"><A HREF="1.html">1</A></TD>
<TD WIDTH="10%"><A HREF="2.html">2</A></TD>
<TD WIDTH="10%"><A HREF="3.html">3</A></TD>
<TD WIDTH="10%"><A HREF="4.html">4</A></TD>
<TD WIDTH="10%"><A HREF="5.html">5</A></TD>
<TD WIDTH="10%"><A HREF="6.html">6</A></TD>
</TR></TABLE>
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
<P> <hr> <P>
<!-- begin lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<A HREF="../lg_toc41.html"
><IMG SRC="../../gx/indexnew.gif" ALT="[ Table Of Contents ]"></A>
<A HREF="../../index.html"
><IMG SRC="../../gx/homenew.gif" ALT="[ Front Page ]"></A>
<A HREF="../lg_bytes41.html"
><IMG SRC="../../gx/back2.gif" ALT="[ Previous Section ]"></A>
<A HREF="../lg_tips41.html"
><IMG SRC="../../gx/fwd.gif" ALT="[ Next Section ]"></A>
<!-- end lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
</BODY></HTML>
<!--endcut ========================================================= -->
|
