Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Creating executables

Status
Not open for further replies.
lokachari

lokachari

Programmer
Mar 18, 2002
5
0
0
US
Hi,

I am writing a shell script. This script can be executed by some of the people. We are hardcoding one of the production server password in that script.

Since it contains the harcoded password I don't want anyone to open this file and read the password. Is there a way i can create a shared library file or something so that those people can only execute it and cannot read the contents.

Or is there a way that i can protect it by password for opening but is still executable in normal way.

Please help me.

Thanks in Advance
Chari
 
Sort by date Sort by votes
iribach: Seriously, get an attitude adjustment. Giving someone advice does not necessitate insulting them or their work.

And I'm not just talking about this one post; I'm also talking about all the countless other belittling posts you've made lately. All you are doing is crap.



lokachari: You're taking the wrong route. Even if you put the password into an executable, someone who knows what they're doing can read it.

Even if you encrypted the company password and required users to successfully enter a second password to "use" the company password, then those users would still be able to gain access to the company password.

I don't understand your exact situation, but you may want to look into a utility called "sudo" that lets specific users run specific commands as specific other users.
 
Upvote 0 Downvote
That's a shell script compiler. That does not solve the problem for the same reasons I discussed earlier.


Again, simply making the script into a binary executable would do nothing to hide the password.

Example:
Code: 
$ strings secret-executable
...
pAs$w0rD
...


Encrypting it would make it harder to discover the password,. But if the key to decrypt the password is inside the executable, it would still be possible for anyone to retrieve the password. And if the key is inside someone's head, then that person would be able to retrieve the company password or hire someone else to do it.

In the latter case, your company would merely know who to fire for leaking the password or cracking the system after all their confidential documents get stolen.


As has been stated before, you need to seek an alternate solution.
 
Upvote 0 Downvote
I have a script. That is just executable.
when I look for the file type it shows

executable (RISC System/6000) or object module not stripped.

Can someone suggest
How to create that kind of file which is just executable but not readable.
 
Upvote 0 Downvote
This isn't a script but a compiled program.
How to create that kind of file which is just executable but not readable
man cc

Hope This Helps, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884 or FAQ222-2244
 
Upvote 0 Downvote
Hi PHV,
Thankyou for the response.
I looked into man cc. However, it says that the compilation is for c programs.

Is it possible to compile and build an executable file for shell script file.

Thankyou,
-Ramana
 
Upvote 0 Downvote
Sorry, the link is for Solaris and you're on RISC System/6000.
 
Upvote 0 Downvote
On linux you may not execute a file, which is unreadable, because executing is a form of reading.

It might be no fun to read a binary file, but with a hexeditor or a program like 'strings' you will find a password in the file - you only need to get the idea, that the password is inside the file.

seeking a job as java-programmer in Berlin:
 
Upvote 0 Downvote
Can I add my support to chipperMDW's suggestion to use sudo. I also run AIX on RS6000's and have exactly this problem. If the sudoers file contains the line
Code: 
ALL myhost = /usr/bin/su - root -c myprogwithpassword
Then the program myprogwithpassword can be locked to 700 permissions - i.e. you have to be root to read it.

Columb Healy
 
Upvote 0 Downvote
Chari,

Go to where you will find sudo and many other interesting tools.

Talking security in an ideal world only the bit of code that needs to execute as root should be executed as root, although it would be difficult to do such a thing in sudo.

If you want to use code then you'll need to do something a bit more inventive then include the password as a string. Here is an example of a very short bit of code.

#include <stdio.h>
#include <strings.h>

main(int argc, char *argv[])
{
int i;
char *s1;
static char s2[] = "1235235835813213";

for (i=0; i < 8; i=i+2) {
printf("%c",s2);
}
printf("\n");
}

And that is kinda limited. No go for sudo really! You could perhaps work something with groups too, but phew take the simplest route my friend.
 
Upvote 0 Downvote
Yes,

I stupid. Of course if you had a binary you could change the permissions so that strings wouldn't be able to run on it.

gva(lucm02a):/home/lucm02a/C $ ./hide
1325
gva(lucm02a):/home/lucm02a/C $ strings hide
hide: The file access permissions do not allow the specified action.
gva(lucm02a):/home/lucm02a/C $ ls -l hide
---x--x--x 1 555 system 52438 Apr 19 12:12 hide
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

TebzaMajita
  • Locked
  • Question
Problems creating Emergency Boot Disk on Unixware 7.1.1
Replies
0
Views
25
TebzaMajita
TebzaMajita
Realign
  • Locked
  • Question
Creating a .Z file (Compression)
Replies
5
Views
134
mrn
mrn
kralj
  • Locked
  • Question
Fatal error when creating outgoing PPP connection
Replies
1
Views
29
kralj
kralj
stla
  • Locked
  • Question
Creating a delay and copying sequentially using cp
Replies
0
Views
20
stla
stla
dhaverstick
  • Locked
  • Question
Creating Device File to Read Partitioned DDS tapes
Replies
3
Views
41
Martin999
Martin999

Part and Inventory Search

Sponsor

Back
Top