Find the answer to your Linux question:
Results 1 to 6 of 6
Is there any way to protect a bash script with a digital signature, so that it can't be executed if it has been meddled with? Or, if this is not ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Apr 2010
    Posts
    7

    Digitally Signing Bash Scripts


    Is there any way to protect a bash script with a digital signature, so that it can't be executed if it has been meddled with? Or, if this is not possible for bash scripts, is it possible for any other type of scripts (Python, Perl?) in Linux?

    Thanks, Joseph

  2. #2
    Linux User sgosnell's Avatar
    Join Date
    Oct 2010
    Location
    Baja Oklahoma
    Posts
    453
    As far as I know, no. Scripts are just text files, and I know of no way to add anything other than text.

  3. #3
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    Neither do I. But one should be able to implement it so that it works similar to pgp signed (or encrypted) emails.

    the biggest pros are:

    1] you can verify that a script comes from whoever
    2] you can let execute scripts by a specific user only (by encrypting it with his public key)

    the biggest cons are:

    1] what should a script do if it is run by a daemon without a user in front that can react on problems? i.e. you'll never know that a cronjob doesn't run unless you check it manually but you could rely on it
    2] if a script is marked executable (+x) a TRUSTED user has already logged into the host and executes it
    3] due to 2 you don't need signatures anymore cause it is already covered by the login mechanisms and therefore you bypass 1
    4] if a user is able to execute things and manipulate files he is not allowed to the host is compromised and sluggishly configured
    5] overhead / slow performance
    6] no security gained at all since once a user is logged in he can also have somehow jailbreaked into root or other accounts and uses those signatures to execute scripts; if he hadn't been able to login he would have no possibility to execute stuff
    7] when you hit ./script how does that script (or you) know that it is signed or just plain? hence the usage of scripts / commandline gets screwed up
    8] ...

    for those reasons (and many other problems) i am no fan of signed scripts unless you use the signature when you send it over email / install it. installations are rather safe since repositories usually are signed and publish signed content.

    there are several reasons why signed scripts make not much sense.

    but hey .. here is a stub how one could do it:

    Basically it would be a set of scripts that implement functions:

    Code:
    signed_source <- pack(source, signature)
    source <- unpack(signed_source, signature)
    bool <- verify(signed_source, signature)
    and a wrapper that makes use of the above functions:

    Code:
    # (1 = signed_source, 2 = signature)
    function execute {
       if [ verify $1 $2 ];
       then
           unpack $1 $2 > tmp
           source tmp
       else
           echo "signature fail"
       fi
    }
    Last edited by Kloschüssel; 02-02-2011 at 06:55 AM.

  4. #4
    Just Joined!
    Join Date
    Apr 2010
    Posts
    7
    Thanks, Kloschüssel. I'm not a security expert, but my impression is that digital signing of scripts would only make sense if the scripting engine can be configured to require signatures for all scripts it executes. In the Windows world, this is true of the PowerShell scripting engine.

    For Linux, I would guess that no-one has made it a priority to implement such a feature because the Linux architecture does not lend itself to the replication of viruses anyway?

    Anyway, from Googling around, I couldn't find any references to digitally signed scripts in Linux, but I just wanted to make sure that I'm not overlooking something if it does already exist.

    Joseph

  5. #5
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    You're welcome. The whole topic crossed my ways some years ago and also back then there was no use for it.

    There are strict permissions for each user and a script is in the end nothing else than a user executing commands. The script will therefore ever stay in its borders delimited by the permissions of the user.

    In the windows world before UAC these principles do not apply. A user can install software and the software can do whatever it wants. Windows treats every user action with the general assumption "this guy may be doing something bad" and they must as every software once installed by a administrator is itself administrator of the system. UAC was microsofts panic reaction and (in my eyes failed) approach of getting control over the problem by asking the user everytime something tries to alter the system. In general it is completely useless as the user in 99% of the time doesn't know what will happen if he clicks on the magic "Yes, execute" button and let the software do whatever it wants.

    These ideas were further driven by the "trusted computing" wave but that you'll have to read up yourself if you're interested in this topic.

    Final words:

    Digitally signing: yes, it's great to sign data so that someone can verify the data is provably from whoever was signed. But remember that if software is only signed and trusted to be good it doesn't need to be (see the scandals where DLLs with trojans were signed by verisign without their knowledge).

  6. #6
    Just Joined!
    Join Date
    Apr 2010
    Posts
    7
    >>In general it is completely useless as the user in 99% of the time doesn't know what will happen if he clicks on the magic "Yes, execute" button and let the software do whatever it wants.<<

    That's certainly true! And I'll bear in mind your insights about the limitations of digital signing as well. Thanks for your help.

    Joseph

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •