TSEC NEWS: 06.05.21 Cron-Job Fehlerhaft nach PHP Update + PWA mobile + Desktop / 04.05.21 - Android App von TSECURITY 28.04.21 - NEUER SERVER // 26.04.21 ++ Download the Electron-App für tsecurity.de // Über 550 Feed-Quellen


❈ HPR3013: Bash Tips - 21

Podcasts hackerpublicradio.org

The Environment (More collateral Bash tips)

Overview

You will probably have seen references to The Environment in various contexts relating to shells, shell scripts, scripts in other languages and compiled programs.

In Unix and Unix-like operating systems an environment is maintained by the shell, and we will be looking at how Bash deals with this in this episode. When a script, program or subprocess is invoked it is given an array of strings called the environment. This is a list of name-value pairs, of the form name=value.

Using the environment

The environment is used to convey various pieces of information to the executing script or program. For example, two standard variables provided by the shell are 'HOME', which is set to the current user’s home directory and 'PWD, set to the current working directory. The shell user can set, change, remove and view environment variables for their own purposes as we will see in this episode. The Bash shell itself creates and in some cases manages environment variables.

The environment contains global data which is passed down to subprocesses (child processes) by copying. However, it is not possible for a subprocess to pass information back to the superior (parent) process.

Viewing the environment

You can view the environment in a number of ways.

  • From the command line the command printenv can do this (this is usually but not always a stand-alone command: it’s /usr/bin/printenv on my Debian system). We will look at this command later.

  • The command env without any arguments does the same thing as printenv without arguments. This is actually a tool to run a program in a modified environment which we will look at later. The environment printing capability can be regarded as more of a bonus feature.

  • Scripting languages like awk (as well as Python and Perl, to name just a few) can view and manipulate the environment.

  • Compiled languages such as C can do this too of course.

  • There are other commands that will show the environment, and we will look at some of these briefly.

Changing variables in the environment

The variables in the environment are not significantly different from the shell parameters we have seen throughout this Bash Tips series. The only difference is that they are marked for export to commands and sub-shells. You will often see variables (or parameters) in the environment referred to as environment variables. The Bash manual makes a distinction between ordinary parameters (variables) and environment variables, but many other sources are less precise about this in my experience.

The standard variables in the environment have upper-case names (HOME, SHELL, PWD, etc), but there is no reason why a variable you create should not be in lower or mixed case. In fact, the Bash manual suggests that you should avoid using all upper-case names so as not to clash with Bash’s variables.

Variables can be created and changed a number of ways.

  • They can be set up at login time (globally or locally) through various standard configuration files. It is intended to look at this subject in an upcoming episode so we will leave discussing the subject until then.
  • By preceding the command or script invocation with name=value expressions which will temporarily place these variables into the environment for the command
  • Using the export command
  • Using the declare command with the -x option
  • The value of an environment variable (once established) can be changed at any time in the sub-shell with a command like myvar=42, just as for a normal variable
  • The export command can also be used to turn off the export marker on a variable
  • Deletion is performed with the unset command (as seen earlier in the series)

We will look at all of these features in more detail later in the episode.

Long notes

I have provided detailed notes as usual for this episode, and these can be viewed here.

Links

...


Kompletten Artikel lesen (externe Quelle: http://hackerpublicradio.org/eps.php?id=3013)

Zur Startseite

➤ Weitere Beiträge von Team Security | IT Sicherheit (tsecurity.de)

HPR3013: Bash Tips - 21

vom 781.8 Punkte
The Environment (More collateral Bash tips) Overview You will probably have seen references to The Environment in various contexts relating to shells, shell scripts, scripts in other languages and compiled programs. In Unix and Unix-like operating sys

HPR2719: Bash Tips - 17

vom 361.17 Punkte
Bash Tips - 17 (Additional auxiliary Bash tips) Arrays in Bash This is the second of a small group of shows on the subject of arrays in Bash. It is also the seventeenth show in the Bash Tips sub-series. In the last show we saw the two types of array

HPR2709: Bash Tips - 16

vom 345.45 Punkte
Bash Tips - 16 (Further auxiliary Bash tips) Arrays in Bash This is the first of a small group of shows on the subject of arrays in Bash. It is also the sixteenth show in the Bash Tips sub-series. We have encountered Bash arrays at various points throughout this sub

HPR2699: Bash Tips - 15

vom 281.94 Punkte
Bash Tips - 15 Pitfalls for the unwary Bash loop user This is the fifteenth episode covering useful tips for Bash users. In the last episode we looked at the 'for' loop, and prior to that we looked at 'while' and 'until' loops. In this one I want to look

HPR2699: Bash Tips - 15

vom 281.94 Punkte
Bash Tips - 15 Pitfalls for the unwary Bash loop user This is the fifteenth episode covering useful tips for Bash users. In the last episode we looked at the 'for' loop, and prior to that we looked at 'while' and 'until' loops. In this one I want to look

Command Injection Payload List

vom 200.43 Punkte
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP header

MMD-0027-2014 - Linux ELF bash 0day (shellshock): The fun has only just begun...

vom 192.41 Punkte
Background: CVE-2014-6271 + CVE-2014-7169 During the mayhem of bash 0day remote execution vulnerability CVE-2014-6271 and CVE-2014-7169, not for bragging but as a FYI, I happened to be the first who reversed for the first ELF malware spotted used in th

MMD-0027-2014 - Linux ELF bash 0day (shellshock): The fun has only just begun...

vom 192.41 Punkte
Background: CVE-2014-6271 + CVE-2014-7169 During the mayhem of bash 0day remote execution vulnerability CVE-2014-6271 and CVE-2014-7169, not for bragging but as a FYI, I happened to be the first who reversed for the first ELF malware spotted used in th

ShellShockHunter - It's A Simple Tool For Test Vulnerability Shellshock

vom 184.39 Punkte
It's a simple tool for test vulnerability shellshock Autor: MrCl0wnBlog: http://blog.mrcl0wn.comGitHub: https://github.com/MrCl0wnLabTwitter: https://twitter.com/MrCl0wnLabEmail: mrcl0wnlab\@\gmail.com Shellshock (software bug) Shellshock, also

Training with Multiple Workers using TensorFlow Quantum

vom 176.38 Punkte
Posted by Cheng Xing and Michael Broughton, Google Training large machine learning models is a core ability for TensorFlow. Over the years, scale has become an important feature in many modern machine learning systems for NLP, image recognition, drug

HPR3071: Bash snippet - quotes inside quoted strings

vom 172.21 Punkte
Bash and quoted strings An issue I just hit in Bash was that I had a quoted string, and I wanted to enclose it in quotes. How to do this? This is the umpteenth time I have stumbled over this issue, and I realised I had found out how to solve it a whil

USN-3294-1: Bash vulnerabilities

vom 160.34 Punkte
Ubuntu Security Notice USN-3294-1 17th May, 2017 bash vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues w

Team Security Diskussion über HPR3013: Bash Tips - 21