The BICsuite Run Program Part 6: Security Considerations and Conclusion

Although, as we’ve seen, the run program by itself is a powerful feature, it is not without risks. Code injection is the appropriate keyword here. Just imagine a run program like the following has been configured: run program = /bin/bash -c "ls -l $DIRSPEC" and that DIRSPEC is a parameter of type parameter. That means that if someone has operating privileges for that job, that person is able to change the contents of the DIRSPEC parameter. Hence, it wouldn’t be a problem at all to change the...

The BICsuite Run Program Part 5: Circumventing limitations

The maximum length of the run program is limited to 512 characters. Usually this doesn’t feel like any kind of limitation. Sometimes though, especially when creating long inline scripts, the limit is easily reached. But even if the run program field is limited in length, the command line that is executed after parameter substitution isn’t. This is because there is also no practical limitation to the maximum length of a parameter value; parameters can be used to circumvent the 512 bytes limitation...

The BICsuite Run Program Part 4: Other interpreters

There’s nothing special about the Bourne shell. Other command interpreters or even a mix of them, typically shell and something else, can be used. Naturally, adding languages does result in more complex quoting; each level of interpretation adds another level of quoting. As an example, we create a small script that is used to find the IP addresses from where an invalid login attempt has been made. The output should have iptables format. As a script that could be called on its own, the task i...