1. IT-Security >
  2. Podcasts >
  3. HPR3013: Bash Tips - 21

ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

HPR3013: Bash Tips - 21


Podcasts vom | Direktlink: hackerpublicradio.org Nachrichten Bewertung

The Environment (More collateral Bash tips)

Overview

You will probably have seen references to The Environment in various contexts relating to shells, shell scripts, scripts in other languages and compiled programs.

In Unix and Unix-like operating systems an environment is maintained by the shell, and we will be looking at how Bash deals with this in this episode. When a script, program or subprocess is invoked it is given an array of strings called the environment. This is a list of name-value pairs, of the form name=value.

Using the environment

The environment is used to convey various pieces of information to the executing script or program. For example, two standard variables provided by the shell are 'HOME', which is set to the current user’s home directory and 'PWD, set to the current working directory. The shell user can set, change, remove and view environment variables for their own purposes as we will see in this episode. The Bash shell itself creates and in some cases manages environment variables.

The environment contains global data which is passed down to subprocesses (child processes) by copying. However, it is not possible for a subprocess to pass information back to the superior (parent) process.

Viewing the environment

You can view the environment in a number of ways.

  • From the command line the command printenv can do this (this is usually but not always a stand-alone command: it’s /usr/bin/printenv on my Debian system). We will look at this command later.

  • The command env without any arguments does the same thing as printenv without arguments. This is actually a tool to run a program in a modified environment which we will look at later. The environment printing capability can be regarded as more of a bonus feature.

  • Scripting languages like awk (as well as Python and Perl, to name just a few) can view and manipulate the environment.

  • Compiled languages such as C can do this too of course.

  • There are other commands that will show the environment, and we will look at some of these briefly.

Changing variables in the environment

The variables in the environment are not significantly different from the shell parameters we have seen throughout this Bash Tips series. The only difference is that they are marked for export to commands and sub-shells. You will often see variables (or parameters) in the environment referred to as environment variables. The Bash manual makes a distinction between ordinary parameters (variables) and environment variables, but many other sources are less precise about this in my experience.

The standard variables in the environment have upper-case names (HOME, SHELL, PWD, etc), but there is no reason why a variable you create should not be in lower or mixed case. In fact, the Bash manual suggests that you should avoid using all upper-case names so as not to clash with Bash’s variables.

Variables can be created and changed a number of ways.

  • They can be set up at login time (globally or locally) through various standard configuration files. It is intended to look at this subject in an upcoming episode so we will leave discussing the subject until then.
  • By preceding the command or script invocation with name=value expressions which will temporarily place these variables into the environment for the command
  • Using the export command
  • Using the declare command with the -x option
  • The value of an environment variable (once established) can be changed at any time in the sub-shell with a command like myvar=42, just as for a normal variable
  • The export command can also be used to turn off the export marker on a variable
  • Deletion is performed with the unset command (as seen earlier in the series)

We will look at all of these features in more detail later in the episode.

Long notes

I have provided detailed notes as usual for this episode, and these can be viewed here.

Links

...

Externe Webseite mit kompletten Inhalt öffnen



http://hackerpublicradio.org/eps.php?id=3013

Team Security Social Media

➤ Weitere Beiträge von Team Security | IT Sicherheit

  • HPR3013: Bash Tips - 21

    vom 759.4 Punkte ic_school_black_18dp
    The Environment (More collateral Bash tips) Overview You will probably have seen references to The Environment in various contexts relating to shells, shell scripts, scripts in other languages and compiled programs. In Unix and Unix-like operating sys
  • HPR2719: Bash Tips - 17

    vom 347.44 Punkte ic_school_black_18dp
    Bash Tips - 17 (Additional auxiliary Bash tips) Arrays in Bash This is the second of a small group of shows on the subject of arrays in Bash. It is also the seventeenth show in the Bash Tips sub-series. In the last show we saw the two types of array
  • HPR2709: Bash Tips - 16

    vom 332.63 Punkte ic_school_black_18dp
    Bash Tips - 16 (Further auxiliary Bash tips) Arrays in Bash This is the first of a small group of shows on the subject of arrays in Bash. It is also the sixteenth show in the Bash Tips sub-series. We have encountered Bash arrays at various points throughout this sub
  • HPR2699: Bash Tips - 15

    vom 271.53 Punkte ic_school_black_18dp
    Bash Tips - 15 Pitfalls for the unwary Bash loop user This is the fifteenth episode covering useful tips for Bash users. In the last episode we looked at the 'for' loop, and prior to that we looked at 'while' and 'until' loops. In this one I want to look
  • HPR2699: Bash Tips - 15

    vom 271.53 Punkte ic_school_black_18dp
    Bash Tips - 15 Pitfalls for the unwary Bash loop user This is the fifteenth episode covering useful tips for Bash users. In the last episode we looked at the 'for' loop, and prior to that we looked at 'while' and 'until' loops. In this one I want to look
  • Command Injection Payload List

    vom 196.89 Punkte ic_school_black_18dp
    Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP header
  • MMD-0027-2014 - Linux ELF bash 0day (shellshock): The fun has only just begun...

    vom 189.01 Punkte ic_school_black_18dp
    Background: CVE-2014-6271 + CVE-2014-7169 During the mayhem of bash 0day remote execution vulnerability CVE-2014-6271 and CVE-2014-7169, not for bragging but as a FYI, I happened to be the first who reversed for the first ELF malware spotted used in th
  • MMD-0027-2014 - Linux ELF bash 0day (shellshock): The fun has only just begun...

    vom 189.01 Punkte ic_school_black_18dp
    Background: CVE-2014-6271 + CVE-2014-7169 During the mayhem of bash 0day remote execution vulnerability CVE-2014-6271 and CVE-2014-7169, not for bragging but as a FYI, I happened to be the first who reversed for the first ELF malware spotted used in th
  • USN-3294-1: Bash vulnerabilities

    vom 157.51 Punkte ic_school_black_18dp
    Ubuntu Security Notice USN-3294-1 17th May, 2017 bash vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues w
  • Shellver - Reverse Shell Cheat Sheet Tool

    vom 110.26 Punkte ic_school_black_18dp
    Reverse Shell Cheat Sheet ToolInstall NoteClone the repository:git clone https://github.com/0xR0/shellver.gitThen go inside:cd shellver/Then install it:python setup.py -irun shellver -h or "shellver bash or perl {} python {} php {} ruby {} netcat {} xterm {} shell {
  • [HowTo] Rescue your system: error: hook ... Invalid value Path

    vom 102.38 Punkte ic_school_black_18dp
    @linux-aarhus wrote: What causes this? The issue is provoked when you don't maintain your system at regular intervals - and I am not thinking yearly - because such neglect will often result in similar problems. More technical i
  • BeRoot- A Post Exploitation Tool To Check Common Misconfigurations For Windows Linux And Mac OS

    vom 94.51 Punkte ic_school_black_18dp
    BeRoot- A Post Exploitation Tool To Check Common Misconfigurations For Windows Linux And Mac OS A compiled version is available here.It will be added to the pupy project as a post exploitation module (so it will be executed in memory without tou

Team Security Diskussion über HPR3013: Bash Tips - 21