
๐Ÿ›ก๏ธ Shell Security Hardening

Shell scripts often run with elevated privileges, manipulate system resources, or handle sensitive data. Because the shell environment is inherently permissive and prone to injection, hardening is essential for safe, predictable, production-grade automation.


🎓 Who This Is For

  • DevOps/SRE engineers maintaining production systems
  • Sysadmins writing privileged automation
  • Developers handling secrets, tokens, or user input
  • Anyone needing to reduce attack surface in shell scripts

🧩 Role in the Ecosystem

Shell scripts frequently:

  • Run as root
  • Execute external commands
  • Parse user input
  • Handle secrets
  • Interact with system services
  • Modify files, permissions, and devices

Without hardening, they are vulnerable to:

  • Command injection
  • Path hijacking
  • Unsafe temporary files
  • Leaked secrets
  • Privilege escalation
  • Race conditions

Hardening reduces these risks through defensive coding practices.


🧩 Key Concepts

1. Safe Defaults

Shells do not fail fast, sanitize input, or protect secrets by default.

2. Attack Surface

Every external command, file write, or environment variable is a potential vector.

3. Trust Boundaries

Scripts must assume all input is untrusted unless explicitly validated.

4. Privilege Minimization

Run with the lowest privileges required.


🔧 Techniques

Safe PATH

# Set a fixed PATH before running any command, so later lookups are predictable
PATH="/usr/bin:/bin"
export PATH

Never include . (the current directory) or any directory that untrusted users can write to.


Safe Temporary Files

TMPFILE="$(mktemp)"
chmod 600 "$TMPFILE"

Never use predictable filenames.


Avoid eval

# BAD: the string is parsed and executed as shell code
eval "$user_input"

# GOOD: the value is passed as a single command name and is not re-parsed as shell code
# (still validate it against an allowlist first; see "Validate Input" below)
command -- "$user_input"

Quote Everything

printf '%s\n' "$var"

Prevents word splitting and glob expansion.


Validate Input

case "$mode" in
  start|stop|restart) ;;
  *) echo "invalid mode" >&2; exit 1 ;;
esac

Drop Privileges

sudo -u appuser command

Use Absolute Paths

/bin/mv -- "$src" "$dst"

Prevents PATH hijacking.


Disable Globs When Needed

set -f   # disable pathname expansion (globbing) for the rest of the script

Use umask

umask 077

Restricts default file permissions.


Avoid Leaking Secrets

Disable tracing around sensitive code:

set +x
TOKEN="$(cat token)"
set -x   # note: this re-enables tracing unconditionally; only do so if it was on before

See also: Secure Handling of Secrets


Use Traps for Cleanup

trap 'rm -f "$TMPFILE"' EXIT

See also: Traps & Signals
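As an added example (not code from the original page), here is a skeleton that combines several of the techniques above: a restricted PATH, umask, mktemp with a cleanup trap, case-based input validation, reading a secret with tracing suspended, and a side-by-side look at quoted versus unquoted expansion. The mode names and the token file are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the original page: a skeleton combining the
# hardening techniques above. Modes and the token file path are assumptions.

PATH="/usr/bin:/bin"   # fixed PATH: no ".", no user-writable directories
export PATH
umask 077              # files this script creates are private by default

# validate_mode: accept only a known mode, reject anything else (status 1).
# A case pattern never re-parses its input, so "start; echo x" is rejected.
validate_mode() {
  case "$1" in
    start|stop|restart) return 0 ;;
    *) return 1 ;;
  esac
}

# make_private_tmp: unpredictable name from mktemp, owner-only permissions.
# Prints the path; the caller registers the cleanup trap (see below).
make_private_tmp() {
  tmp="$(mktemp)" || return 1
  chmod 600 "$tmp"
  printf '%s\n' "$tmp"
}

# read_secret: load a token from a file without it appearing in xtrace output.
# Unlike a bare "set +x ... set -x", this restores the previous tracing state
# rather than unconditionally enabling tracing. Sets TOKEN; status 1 if empty.
read_secret() {
  case "$-" in *x*) was_tracing=1 ;; *) was_tracing=0 ;; esac
  set +x
  TOKEN="$(cat -- "$1")"
  if [ "$was_tracing" -eq 1 ]; then set -x; fi
  [ -n "$TOKEN" ]
}

# arg_count_unquoted / arg_count_quoted: the same value, expanded two ways.
# Unquoted, "a b c" splits into three arguments (and "*" would glob);
# quoted, it stays one argument. Each prints the resulting argument count.
arg_count_unquoted() { set -- $1; printf '%s\n' "$#"; }
arg_count_quoted()   { set -- "$1"; printf '%s\n' "$#"; }

# Usage: one temp file for the run, removed on exit whatever happens.
TMPFILE="$(make_private_tmp)"
trap 'rm -f "$TMPFILE"' EXIT
```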


โš ๏ธ Limitations & Pitfalls

  • Shell cannot enforce strict typing
  • No sandboxing by default
  • No built-in input validation
  • set -e behaves inconsistently across shells
  • Temporary files may persist after crashes
  • PATH hijacking is common in misconfigured systems
  • Globs and word splitting cause silent bugs

🧠 When to Use Hardening

  • Scripts running as root
  • CI/CD pipelines handling secrets
  • Automation modifying system state
  • Multi-user environments
  • Scripts exposed to user input
  • Production-grade tooling

โŒ When Not to Use Shell

  • Complex security-sensitive applications
  • Cryptographic operations
  • Multiโ€‘threaded or asynchronous workloads
  • High-performance data processing

Use a real language (Python, Go, Rust) for these cases.


✅ Best Practices

  • Always quote variables
  • Use absolute paths
  • Restrict PATH
  • Validate all input
  • Use mktemp for temporary files
  • Avoid eval
  • Use traps for cleanup
  • Drop privileges when possible
  • Disable tracing around secrets
  • Use umask 077 for sensitive operations
  • Test scripts under multiple shells

🧪 Testing Hardening

Check PATH safety:

printf '%s\n' "$PATH"

Check file permissions:

ls -l "$TMPFILE"

List every variable expansion so each can be checked for quoting (the pattern matches quoted expansions too, so review the hits by hand):

grep -R '\$[A-Za-z_][A-Za-z0-9_]*' script.sh

Check for eval usage:

grep -R 'eval' script.sh

🧠 Summary

Shell security hardening reduces attack surface by enforcing safe defaults, validating input, avoiding dangerous constructs, and protecting secrets. These practices are essential for writing safe, predictable, production-ready automation.