2

When a script runs in background that is creating copy of it with the parent process id in /tmp directory, ofcourse this copy is getting removed soon after the process is done, however during this run time any user has access to server they can view credentials.

My question is how can I change this behavior creating a copy in /tmp directory? if it can't be changed, how can I make sure there is only 640 permissions on the copy in /tmp directory.

Below is the script that runs in background with PID:32702884 there is a copy created in /tmp directory with sh32702884.1, any user can cat this file and see if any credentials. Please advice.

  oracle@orcl:/users/cmsc/oracle>nohup ./rman_del_obsolete_090616.ksh>rman_del_obsolete_090616.ksh.log &
  [1]     32702884
  oracle@orcl:/users/cmsc/oracle>ps -ef|grep ksh
  oracle 32702884 21627666   0 16:23:16  pts/0  0:00 sh -- ./rman_del_obsolete_090616.ksh 

oracle@orcl:/users/cmsc/oracle>cd /tmp
oracle@orcl:/tmp>ls -ltr sh*
-rwxrwxrwx    1 root     system         3340 Jan 03 2012  sharch_root.sh 
-rwxrwxrwx    1 ctmagent controlm       3340 Jan 03 2012  sharch_ctmagent.sh
-rw-r--r--    1 oracle   cdba         343185 Sep 06 16:23 sh32702884.1



  oracle@orcl:/tmp>head sh32702884.1
  connect target /
  connect catalog xxdfd/sscsxxxx@db1
  run{

  delete force  noprompt  backuppiece 'RMAN-ORV1-ARCH-20160718-474184-1';
  delete force  noprompt  backuppiece 'RMAN-ORV1-ARCH-20160718-474180-1';
  delete force  noprompt  backuppiece 'RMAN-ORV1-ARCH-20160718-474179-1';
  delete force  noprompt  backuppiece 'RMAN-ORV1-ARCH-20160718-474183-1';
  delete force  noprompt  backuppiece 'RMAN-ORV1-ARCH-20160717-474066-1';
  delete force  noprompt  backuppiece 'RMAN-ORV1-ARCH-20160717-474063-1';
  oracle@orcl:/tmp>
user188577
  • 21
  • Where did the rman script come from, ie was it written locally? Can you post a redacted and cut-down version somewhere we can see it? – Chris Davies Sep 06 '16 at 20:52
  • Script is created by me,here is the snippet of it,
    oracle@orcl:/users/cmsc/oracle>head rman_del_obsolete_090616.ksh rman<<EOF connect target / connect catalog xxdfd/sscsxxxx@db1 run{ 
       delete force  noprompt  backuppiece 'RMAN-ORV1-ARCH-20160718-474184-1';
    – user188577 Sep 06 '16 at 20:56
  • Ksh puts here documents in /tmp, but I thought they were unreadable by default. What version of ksh do you have? – Mark Plotnick Sep 06 '16 at 21:25
  • 1
    Please put your updates in your question. There is very little formatting available in comments. – Chris Davies Sep 06 '16 at 21:25
  • @MarkPlotnick I wondered if it was that. IIRC there was a bug in bash at one point that left here documents with interpolated variables in /tmp even after script termination. – Chris Davies Sep 06 '16 at 21:30
  • man ksh says "/tmp/sh* Contains temporary files that are created when a shell is opened." - may not be possible to override. – Jeff Schaller Sep 07 '16 at 13:38

1 Answers1

1

You could set umask in the script, e.g.,

umask 037

but if that does not help, you could make a temporary subdirectory of /tmp to be removed when the script exits, and set the permissions on that to prevent reading. Most applications pay attention of TMPDIR (and scripts can be modified to do this). AIX does not have mktemp (except as an add-on package), but you can do that with a shell script, e.g.,

umask 037
mytemp=/tmp/mytemp
mkdir $mytemp || exit 1
trap "cd /tmp;rm -rf $mytemp" EXIT HUP INT QUIT
TMPDIR="$mytemp"
export TMPDIR

and use $TMPDIR consistently where the script might say only /tmp.

The choice of name was just for example: good scripting would use something like mktemp to guard against symlink-attacks.

If you cannot directly edit that script, you should be able to do something like that, wrapping the program which creates the script with something that sets $TMPDIR to a less visible location.

Jeff Schaller
  • 67,283
  • 35
  • 116
  • 255
Thomas Dickey
  • 76,765